Matthew Kennedy's Avatar

Matthew Kennedy

@matthewkennedy

Manager at Microsoft Threat Intelligence Center (MSTIC). Adjunct Faculty at Georgetown University. Penn State Alum. Tweets are my own.

1,249
Followers 104
Following 18
Posts 14.11.2024
Joined
Posts Following

Latest posts by Matthew Kennedy @matthewkennedy

Microsoft has released new comprehensive security updates for all supported versions of SharePoint Server (Subscription Edition, 2019, and 2016) that protect customers against these new vulnerabilities. msft.it/6045sE1ux

22.07.2025 13:11 πŸ‘ 2 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0
Preview
Microsoft is moving antivirus providers out of the Windows kernel Microsoft wants to avoid another CrowdStrike incident.

Microsoft is moving antivirus providers out of the Windows kernel

26.06.2025 16:20 πŸ‘ 38 πŸ” 6 πŸ’¬ 2 πŸ“Œ 1

Excellent work by Mandiant and crew! Great blog!

09.01.2025 12:05 πŸ‘ 6 πŸ” 1 πŸ’¬ 1 πŸ“Œ 0

MSTIC is hiring in the UK and EU for entry level and senior analyst roles!

jobs.careers.microsoft.com/global/en/jo...

jobs.careers.microsoft.com/global/en/jo...

09.01.2025 12:03 πŸ‘ 8 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0
Preview
Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine | Microsoft Security Blog Since January 2024, Microsoft has observed Secret Blizzard using the tools or infrastructure of other threat groups to attack targets in Ukraine and download its custom backdoors Tavdig and KazuarV2.

Be sure to check out part 2!

Frequent freeloader part II: Russian actor Secret Blizzard using tools of other groups to attack Ukraine

www.microsoft.com/en-us/securi...

11.12.2024 21:54 πŸ‘ 13 πŸ” 3 πŸ’¬ 0 πŸ“Œ 0

jobs.careers.microsoft.com/global/en/jo...

jobs.careers.microsoft.com/global/en/jo...

05.12.2024 18:22 πŸ‘ 5 πŸ” 1 πŸ’¬ 2 πŸ“Œ 0

MSTIC is hiring! Current roles in US and AU.

The Microsoft Threat Intelligence Center (MSTIC) is recruiting experienced nation-state threat hunters with highly honed threat intel analysis skills. MSTIC is responsible for delivering timely threat intelligence across our product & services teams.

05.12.2024 18:22 πŸ‘ 114 πŸ” 34 πŸ’¬ 4 πŸ“Œ 5

Excellent work by the team!

Another fascinating example of Secret Blizzard using β€œthe tools/infrastructure of at least six other threat actors during the past seven years”

05.12.2024 00:22 πŸ‘ 6 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
North Korean hackers have stolen billions in crypto by posing as VCs, recruiters and IT workers | TechCrunch Security researchers say North Korean hackers have infiltrated hundreds of organizations with the goal of taking money and stealing data to further the regime's nuclear weapons program.

New, by me: Security researchers say North Korean hackers, posing as VCs, recruiters, and remote IT workers, have infiltrated "hundreds of organizations" and stolen billions of crypto in recent years to fund the regime's nuke program.

My dispatch from Cyberwarcon: techcrunch.com/2024/11/28/n...

28.11.2024 14:02 πŸ‘ 162 πŸ” 69 πŸ’¬ 6 πŸ“Œ 14

Every holiday season I do a β€œsecurity tune up” across all my accounts to ensure I’m making use of the best new security features.

What features / tech should I prioritize this year?

28.11.2024 20:40 πŸ‘ 0 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

We are generally way too overconfident in understanding adversary intent.

Activity is straightforward, attribution is tricky and intent is often opaque and relies on organizational politics and bureacracy inside organizations.

24.11.2024 21:59 πŸ‘ 15 πŸ” 1 πŸ’¬ 2 πŸ“Œ 1

One of my favorite aspects about @cyberwarcon.bsky.social is how it’s a yearly homecoming for a group of people with the primary focus of making a positive impact in the digital domain.

Regardless of healthy business competition, there’s a shared camaraderie being in the fight together.

23.11.2024 15:56 πŸ‘ 25 πŸ” 2 πŸ’¬ 2 πŸ“Œ 0

Can’t forget to shout out these three GOATs who presented on Storm-2077 today!

23.11.2024 02:03 πŸ‘ 16 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0

James crushing it as always. But what’s even better is getting to work alongside of him each day. An amazing teammate and friend!

22.11.2024 22:04 πŸ‘ 9 πŸ” 0 πŸ’¬ 1 πŸ“Œ 0

James Elliott absolutely crushing the last talk of the day at #CYBERWARCON.

22.11.2024 21:44 πŸ‘ 14 πŸ” 4 πŸ’¬ 0 πŸ“Œ 0

DoppelgΓ€nger insight from Meta: Professional/contracted IO has two audiences: the target of the campaign and those who hired them (Kremlin)

22.11.2024 16:05 πŸ‘ 5 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0

Made a list of accounts at @cyberwarcon.bsky.social to make it easier to follow along: bsky.app/profile/did:...

22.11.2024 14:44 πŸ‘ 9 πŸ” 3 πŸ’¬ 1 πŸ“Œ 0

As always, great insights from Josh and Pratik at Google TAG on IRGC operations. #cyberwarcon

22.11.2024 14:51 πŸ‘ 9 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Preview
Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON | Microsoft Security Blog At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monit...

Find out more on what MSTIC plans to present at CyberWarCon today!

www.microsoft.com/en-us/securi...

22.11.2024 13:21 πŸ‘ 7 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

The DPRK IT Worker apparatus is a well oiled machine. Few grasp the depth of how many pieces enable these operations.

21.11.2024 20:01 πŸ‘ 14 πŸ” 4 πŸ’¬ 0 πŸ“Œ 0
Preview
Between Two Gregs: An Update on the North Korean Threat Landscape In this episode of the Microsoft Threat Intelligence Podcast host Sherrod DeGrippo is joined by Proofpoint’s Greg Lesnewich and Microsoft’s Greg Schloemer to share the unique threat posed by North Korea’s (DPRK) state-sponsored cyber activities. The Gregs discuss their years of experience tracking North Korean cyber actors and the distinct tactics that set DPRK apart from other nation-sponsored threats. The conversation also explores North Korea’s high stakes, as DPRK threat actors operate under intense pressure from government handlers, adding a layer of urgency and fear to their operations. They share insights into North Korea’s aggressive use of stolen cryptocurrency to fund the regime’s initiatives, like ballistic missile tests, and discuss the broader geopolitical impact.

My two favorite Gregs talking my favorite topic. Check it out!

thecyberwire.com/podcasts/mic...

21.11.2024 15:00 πŸ‘ 3 πŸ” 2 πŸ’¬ 0 πŸ“Œ 0
Preview
Volt Typhoon: What State and Local Government Officials Need to Know Increased activity from the state-sponsored threat group Volt Typhoon raises concerns about the cybersecurity of U.S. critical infrastructure. Here’s how you can identify potential exposures and attac...

There's been a lot of attention on the Salt Typhoon intrusions. Don't forget the Volt Typhoon prepositioning is still a major problem as well!

www.tenable.com/blog/volt-ty...

19.11.2024 19:38 πŸ‘ 26 πŸ” 8 πŸ’¬ 0 πŸ“Œ 1

Excited to support my teammates as they share fascinating insights into threat actors from North Korea and China. Don’t miss these!

18.11.2024 01:00 πŸ‘ 9 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0

It’s CYBERWARCON week!!!

CTI homecoming is here!

17.11.2024 16:28 πŸ‘ 10 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0
Post image

We have liberated this image from the oppressors @cyberwarcon.bsky.social

13.11.2024 15:51 πŸ‘ 16 πŸ” 5 πŸ’¬ 0 πŸ“Œ 0

One of the most fascinating aspects of following DPRK threat actors is observing leading indicators from numerous intrusion sets target the same technology months before an announcement.

16.11.2024 00:13 πŸ‘ 2 πŸ” 0 πŸ’¬ 0 πŸ“Œ 0
Preview
Senior Security Researcher in Redmond, Washington, United States | Security Engineering at Microsoft Apply for Senior Security Researcher in Redmond, Washington, United States | Security Engineering at Microsoft

MSTIC is hiring! Come join our team focused on tracking and disrupting threats to Microsoft and our customers!

jobs.careers.microsoft.com/global/en/sh...

15.11.2024 02:41 πŸ‘ 0 πŸ” 1 πŸ’¬ 0 πŸ“Œ 0