Note: we are updating as the investigation continues. Revision history listed at the bottom.
This post contains technical details about the methods of the actor we believe was involved in Recent Nation-State Cyber Attacks, with the goal to enable the broader security community to hunt for activity in their networks and contribute to a shared defense against this sophisticated threat actor.
Please see the Microsoft Product Protections and Resources section for additional investigative updates, guidance, and released protections.
As we wrote in that blog, while these elements aren’t present in every attack, this is a summary of techniques that are part of the toolkit of this actor.