Microsoft to notify Office 365 users of nation-state attacks

Pierluigi Paganini February 09, 2021

Microsoft implements alerts for ‘nation-state activity’ in the Defender for Office 365 dashboard, to allow organizations to quickly respond.

Since 2016, Microsoft has been alerting users of nation-state activity, now the IT giant added the same service to the Defender for Office 365 dashboard.

The new security alert will notify companies when their employees are being targeted by state-sponsored attacks.

Since this Saturday, the new alert service was added to the Microsoft 365 roadmap website.

“Nation state threats are defined as cyber threat activity that originates in a particular country with the apparent intent of furthering national interests. These attacks represent some of the most advanced and persistent threat activity Microsoft tracks.” reads the announcement published by Microsoft. “The Microsoft Threat Intelligence Center follows these threats, builds comprehensive profiles of the activity, and works closely with all Microsoft security teams to implement detections and mitigations to protect our customers. We’re adding an alert to the security portal to alert customers when suspected nation-state activity is detected in the tenant.”

Since 2016 Microsoft continues to track nation-state activity against the email accounts of its customers, the IT giant warned of state-sponsored hacking campaigns originating from China, Russia, and Iran for years.

Every time Microsoft experts have detected attacks from state-sponsored hackers, they have alerted users via email.

Unfortunately, not all users read the email alerts, or for some reason, they could read the alerts with delay giving the attackers the time to conduct malicious activities.

To make the alerting service more efficient, Microsoft implemented it inside the dashboard of Microsoft Defender for Office 365 (previously known as Office 365 Advanced Threat Protection or Office 365 ATP) .

Microsoft Defender for Office 365 protects all of Office 365 against advanced threats like business email compromise and credential phishing. It automatically investigates and remediates attacks.

The alerts are also sent to system administrators and security teams, who can directly contact the affected employees and take action to prevent their accounts take over.

Microsoft plans to deploy the new notification feature by the end of February.

Microsoft is offering organizations that don’t yet have a license with support for Microsoft Defender for Office 365 a free 30-day evaluation.

If you want to receive the weekly Security Affairs Newsletter for free subscribe here.

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, nation-state hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]



you might also like

leave a comment