Threat Feed
Product: Microsoft Defender (8 briefs)
critical threat

The Gentlemen Ransomware: Self-Propagating Go Encryptor

The Gentlemen ransomware, operated by Storm-2697 as a RaaS, combines strong per-file encryption with aggressive self-propagation to achieve broad network compromise, targeting Windows environments and using double extortion tactics.

Microsoft Defender Storm-2697 ransomware raas lateral-movement encryption
high advisory

GPU Mining Malware Spreads via SEO Poisoning and AI Chatbots

A cryptojacking campaign targets systems with high-performance GPUs using SEO poisoning and manipulated AI chatbot recommendations, distributing malware disguised as legitimate software utilities to establish persistence and evade detection before deploying GPU mining programs.

Microsoft Defender cryptojacking seo-poisoning process-hollowing persistence defense-evasion gpu-mining windows
high advisory

Third-Party Compromise Leading to Stealthy Intrusions via Trusted IT Management Tools

A threat actor compromised a third-party IT services provider and abused legitimate IT management tools like HPE Operations Agent to conduct a stealthy campaign focusing on long-term access, credential theft, and persistent footholds within a target environment.

Microsoft Defender third-party-compromise trusted-relationship lateral-movement credential-access
high advisory

Malicious Hugging Face Repository Distributes Information Stealer

A malicious repository on Hugging Face, impersonating OpenAI's 'Privacy Filter' project, distributed information-stealing malware to Windows users by executing a PowerShell command that downloads and runs a Rust-based infostealer, which exfiltrates collected data to a command-and-control server.

Privacy Filter huggingface infostealer malware supply-chain python powershell windows
high advisory

Fake Claude AI Site Spreads Beagle Backdoor via DLL Sideloading

A malicious website impersonating Anthropic's Claude AI platform delivers the Beagle backdoor through a DLL sideloading attack, leveraging a compromised G DATA antivirus updater to execute malicious code.

Claude malvertising dll sideloading backdoor beagle donutloader
high threat

Q1 2026 Email Threat Landscape: Rise in Phishing Techniques and Tycoon2FA Disruption

In Q1 2026, email threats increased, including credential phishing, QR code phishing, and CAPTCHA-gated campaigns, with Microsoft's disruption of the Tycoon2FA phishing platform leading to a 15% volume decrease and shifts in threat actor tactics; BEC activity remained prevalent at 10.7 million attacks.

Microsoft Defender Storm-1747 email phishing credential-theft Tycoon2FA BEC
medium advisory

Microsoft Defender Tampering via Registry Modification

Adversaries may disable or tamper with Microsoft Defender features via registry modifications to evade detection and conceal malicious behavior on Windows systems.

Microsoft Defender XDR defense-evasion registry-modification windows
high advisory

EDRSilencer Execution Detected

The EDRSilencer tool is designed to block outbound traffic of EDR processes by leveraging Windows Filtering Platform (WFP) APIs to evade endpoint defenses.

Microsoft Defender edr defense-evasion windows