PerspectiveInside the Microsoft Team Tracking the World’s Most Dangerous Hackers

Published 7 November 2019

When the Pentagon recently awarded Microsoft a $10 billion contract to transform and host the U.S. military’s cloud computing systems, the mountain of money came with an implicit challenge: Can Microsoft keep the Pentagon’s systems secure against some of the most well-resourced, persistent, and sophisticated hackers on earth?

When the Pentagon recently awarded Microsoft a $10 billion contract to transform and host the U.S. military’s cloud computing systems, the mountain of money came with an implicit challenge: Can Microsoft keep the Pentagon’s systems secure against some of the most well-resourced, persistent, and sophisticated hackers on earth?

“They’re under assault every hour of the day,” says James Lewis, vice president at the Center for Strategic and International Studies. 

Patrick Howell O’Neill writes in Technology Review that Microsoft’s latest win over cloud rival Amazon for the ultra-lucrative military contact means that an intelligence-gathering apparatus among the most important in the world is based in the woods outside Seattle.

These kinds of national security responsibilities once sat almost exclusively in Washington, DC. Now in this corner of Washington state, dozens of engineers and intelligence analysts are dedicated to watching and stopping the government-sponsored hackers proliferating around the world.

Members of the so-called MSTIC (Microsoft Threat Intelligence Center) team are threat-focused: one group is responsible for Russian hackers code-named Strontium, another watches North Korean hackers code-named Zinc, and yet another tracks Iranian hackers code-named Holmium. MSTIC tracks over 70 code-named government-sponsored threat groups and many more that are unnamed.

O’Neill adds:

Cyber threat intelligence is the discipline of tracking adversaries, following bread crumbs, and producing intelligence you can use to help your team and make the other side’s life harder. To achieve that, the five-year-old MSTIC team includes former spies and government intelligence operators whose experience at places like Fort Meade, home to the National Security Agency and US Cyber Command, translates immediately to their roles at Microsoft. 

MSTIC names dozens of threats, but the geopolitics are complicated: China and the United States, two of the most significant players in cyberspace and the two biggest economies on earth, are virtually never called out the way countries like IranRussia, and North Korea frequently are.