Merge branch 'main' into patch-19

Stacyrch140 · web-flow · commit 037e6cf2e0eb · 2024-12-03T17:33:42.000-05:00
diff --git a/defender-xdr/microsoft-threat-actor-naming.md b/defender-xdr/microsoft-threat-actor-naming.md
@@ -17,7 +17,7 @@ ms.custom:
 - cx-ti
 ms.topic: conceptual
 search.appverid: met150
-ms.date: 09/25/2024
+ms.date: 12/03/2024
 ---
 
 # How Microsoft names threat actors
@@ -121,12 +121,13 @@ Use the following reference table to understand how our previously publicly disc
 |Seashell Blizzard|IRIDIUM|Russia|APT44, Sandworm|
 |Secret Blizzard|KRYPTON|Russia|Venomous Bear, Turla, Snake|
 |Sefid Flood|Storm-1364|Iran, Influence operations||
+|Shadow Typhoon|Storm-0062|China|DarkShadow, Oro0lxy|
 |Silk Typhoon|HAFNIUM|China||
 |Smoke Sandstorm|BOHRIUM|Iran|UNC1549|
 |Spandex Tempest|CHIMBORAZO|Financially motivated|TA505|
 |[Star Blizzard](https://www.microsoft.com/en-us/security/blog/2023/12/07/star-blizzard-increases-sophistication-and-evasion-in-ongoing-attacks/)|SEABORGIUM|Russia|Callisto, Reuse Team|
-|Storm-0062||China|DarkShadow, Oro0lxy|
 |Storm-0133||Iran|LYCEUM, HEXANE|
+|Storm-0156||Pakistan||
 |Storm-0216||Financially motivated|Twisted Spider, UNC2198|
 |Storm-0257||Group in development|UNC1151|
 |Storm-0324||Financially motivated|TA543, Sagrid|
@@ -137,14 +138,15 @@ Use the following reference table to understand how our previously publicly disc
 |Storm-0539||Financially motivated|Atlas Lion|
 |Storm-0569||Financially motivated||
 |Storm-0587||Russia|SaintBot, Saint Bear, TA471|
-|Storm-0744||Financially motivated||
+|Storm–0593||Group in development||
 |Storm-0784||Iran||
 |Storm-0829||Group in development|Nwgen Team|
 |Storm-0835||Group in development|EvilProxy|
 |Storm-0842||Iran||
 |Storm-0844||Group in development||
 |Storm-0861||Iran||
 |Storm-0867||Egypt|Caffeine|
+|[Storm-0940](https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/)||China||
 |Storm-0971||Financially motivated|(Merged into Octo Tempest)|
 |[Storm-0978](https://www.microsoft.com/en-us/security/blog/2023/07/11/storm-0978-attacks-reveal-financial-and-espionage-motives/)||Group in development|RomCom, Underground Team|
 |Storm-1044||Financially motivated|Danabot|
@@ -167,17 +169,21 @@ Use the following reference table to understand how our previously publicly disc
 |Storm-1804||Iran, Influence operations||
 |Storm-1805||Iran, Influence operations||
 |[Storm-1811](https://www.microsoft.com/en-us/security/blog/2024/05/15/threat-actors-misusing-quick-assist-in-social-engineering-attacks-leading-to-ransomware/)||Financially motivated||
-|Storm-1841||Russia, Influence operations||
+|Storm-1837||Russia||
 |Storm-1849||China|UAT4356|
 |Storm-1852||Group in development||
+|Storm-1919||Group in development||
 |Storm-2035||Iran, Influence operations||
+|Storm-2049||Group in development||
+|[Storm-2077](https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/#storm-2077)||China|TAG-100|
 |Strawberry Tempest||Financially motivated|LAPSUS$|
 |Sunglow Blizzard||Russia||
 |Taizi Flood|Storm-1376|China, Influence operations|Spamouflage, Dragonbridge|
 |Tomato Tempest|SPURR|Financially motivated|Vatet|
 |[Vanilla Tempest](https://www.microsoft.com/en-us/security/blog/2022/10/25/dev-0832-vice-society-opportunistic-ransomware-campaigns-impacting-us-education-sector/)|DEV-0832|Financially motivated||
 |Velvet Tempest|DEV-0504|Financially motivated||
 |Violet Typhoon|ZIRCONIUM|China|APT31|
+|Volga Flood|Storm-1841|Russia, Influence operations||
 |[Volt Typhoon](https://www.microsoft.com/security/blog/2023/05/24/volt-typhoon-targets-us-critical-infrastructure-with-living-off-the-land-techniques)||China|BRONZE SILHOUETTE, VANGUARD PANDA|
 |Wine Tempest|PARINACOTA|Financially motivated|Wadhrama|
 |Wisteria Tsunami|DEV-0605|Private sector offensive actor|CyberRoot|
diff --git a/defender-xdr/whats-new.md b/defender-xdr/whats-new.md
@@ -6,7 +6,7 @@ ms.service: defender-xdr
 ms.author: diannegali
 author: diannegali
 ms.localizationpriority: medium
-ms.date: 11/18/2024
+ms.date: 12/03/2024
 manager: dansimp
 audience: ITPro
 ms.collection:
@@ -32,6 +32,7 @@ You can also get product updates and important notifications through the [messag
 ## December 2024
 - (Preview) The [Link to incident](advanced-hunting-defender-results.md#link-query-results-to-an-incident) feature in Microsoft Defender advanced hunting now allows linking of Microsoft Sentinel query results. In both the Microsoft Defender unified experience and in [Defender XDR advanced hunting](advanced-hunting-link-to-incident.md), you can now specify whether an entity is an impacted asset or related evidence.
 - (Preview) In [advanced hunting](advanced-hunting-defender-use-custom-rules.md#use-adx-operator-for-azure-data-explorer-queries-preview), Microsoft Defender portal users can now use the `adx()` operator to query tables stored in Azure Data Explorer. You no longer need to go to log analytics in Microsoft Sentinel to use this operator if you are already in Microsoft Defender.
+-  New documentation library for Microsoft's unified security operations platform. Find centralized documentation about [Microsoft's unified SecOps platform in the Microsoft Defender portal](/unified-secops-platform/overview-unified-security). Microsoft's unified SecOps platform brings together the full capabilities of Microsoft Sentinel, Microsoft Defender XDR, Microsoft Security Exposure Management, and generative AI into the Defender portal. Learn about the features and functionality available with Microsoft's unified SecOps platform, then start to plan your deployment.
 
 ## November 2024
 
