New Threat Actor Intel Profiles Added to Defender TI

This post has been republished via RSS; it originally appeared at: Microsoft Tech Community - Latest Blogs.

The Microsoft Defender Threat Intelligence (Defender TI) team has recently launched twenty-six new threat actor Intel Profiles and more than 50 additional articles customers can leverage immediately to take an intel-led approach to defend their organization from the latest threats. 


Intel Profiles are a single source of information that fully licensed security operations teams can use for instant insight into the threat ecosystem. Users can rapidly identify adversary-threat infrastructure and access actionable indicators of compromise (IOCs) and in-depth analysis of tools, tactics, and procedures (TTPs) drawn directly from threat infrastructure, including history, distribution, and trends. They also include recommended actions and guided insights about geolocation, industry, and targets. 


Intel Profiles are updated daily via automated discovery and continuous scanning across the worldwide attack surface, and are maintained by the Microsoft Threat Intelligence community, which tracks over 300 threat actor groups, including 160 nation-state actors and over 50 ransomware groups. This team comprises over 8,000 experts across 77 countries, fluent in key languages. Members specialize in threat actor research, threat infrastructure research, endpoint threat research, ecosystem vulnerability research, incident response, geopolitics, linguistics, and more.


The new Intel Profiles, which include Volt Typhoon and Satin Sandstorm, reflect Microsoft's new threat actor naming taxonomy, which aligns with the theme of weather. This new convention brings better clarity to customers and other security researchers already confronted with overwhelming threat intelligence data. In the new taxonomy, threat actor groups are named after weather events, which are universal forces we must all counteract and adapt to - just like cyber threats.


Volt Typhoon, a Chinese hacking group recently identified by Microsoft, targets critical infrastructure environments in the US to disrupt communications with Asia Pacific. Microsoft assesses with moderate confidence that Volt Typhoon is pursuing the development of capabilities that could disrupt critical communications infrastructure between the United States and the Asia region during future crises.


New Intel Profiles Include Volt Typhoon, Mango Sandstorm, and Melon Typhoon


Microsoft Threat Intelligence 


Threat intelligence is one of Microsoft's most significant investment areas, giving customers one of the highest-fidelity views of threats. Microsoft threat intelligence taps into massive telemetry comprised of more than 65 trillion signals collected from managing and defending four of the world's largest public clouds, Microsoft 365, Azure, and Dynamics 365. Microsoft also protects over 1.5B assets embedded across the planet, including mobile devices, servers, IoT devices, PCs, and a graph of the entire internet updated daily. Microsoft's tools and systems, along with expert researchers, engineers, and security products, blocked 9B endpoint threats, 31B identity threats, and 32B email threats in just a year. 


Begin Using Intel Profiles Today 


Begin your Defender TI free trial today to tap into Microsoft Threat Intelligence, including Intel Profiles, articles, and data sets found nowhere else, enabling your team to take its investigations to the next level.  



We hope this blog helps you understand the value Defender can provide. If you have inquiries regarding threat intelligence use cases mentioned or not mentioned in this blog and are not currently working with a Defender TI Technical Specialist or Global Black Belt, please comment below or email 




We would love to hear your ideas to improve our Defender TI platform or where our threat intelligence could be used elsewhere across the Microsoft Security ecosystem or other security third-party applications. Feel free to comment below or email to share that feedback. If you are currently working with a Defender TI Technical Specialist or Global Black Belt through this PoC, please communicate your requested use cases and product feedback to them directly. 


Learn About New Defender TI Features 


Please join our Cloud Security Private Community. Users who would like to help influence the direction and strategy of our Defender TI product are encouraged to sign up for our Private Preview events. Those participating will earn credit for respective Microsoft product badges delivered by Credly.


Additional Resources 


What is Microsoft Defender Threat Intelligence (Defender TI)? | Microsoft Learn 

Microsoft Defender Threat Intelligence Blog - Microsoft Community Hub 

Become a Microsoft Defender Threat Intelligence Ninja: The complete level 400 training 

