🚹 Critical Cyber Threat: Russian GRU APT28 Targets Western Logistics Infrastructure

A comprehensive analysis of the latest international cybersecurity advisory revealing Russian state-sponsored attacks against Western supply chains supporting Ukraine.

🎯 Executive Summary

In a joint cybersecurity advisory released by multiple international intelligence agencies, we're witnessing an unprecedented escalation in Russian military intelligence (GRU) cyber operations. The threat actor known as APT28, Fancy Bear, Forest Blizzard, and BlueDelta has been systematically targeting Western logistics entities and technology companies that coordinate aid shipments to Ukraine.

⚠ Key Threat Indicators

  • Primary Targets: Logistics companies, transportation hubs, maritime operations
  • Geographic Scope: 13 countries including US, Germany, Poland, France
  • Attack Vectors: Spearphishing, credential stuffing, CVE exploitation
  • Advanced Tactics: Custom malware, IP camera surveillance, email collection


🌍 Global Impact and Targeted Sectors

Countries Under Attack

The following nations have confirmed targeted entities:

Bulgaria, Czech Republic, France, Germany, Greece, Italy, Moldova, Netherlands, Poland, Romania, Slovakia, Ukraine, United States


⚔ Advanced Attack Techniques

Campaign Timeline


Initial Access Methods

  • Credential Guessing/Brute Force - Systematic password attacks
  • Spearphishing Campaigns - Targeted emails with malicious links/attachments
  • CVE Exploitation - Outlook NTLM (CVE-2023-23397), WinRAR (CVE-2023-38831)
  • VPN Exploitation - Compromising corporate VPN infrastructure

Post-Compromise Operations

  • Active Directory Compromise - Dumping NTDS.dit databases
  • Email Collection - Sustained access to organizational communications
  • Lateral Movement - Using Impacket tools and PsExec
  • Data Exfiltration - Stealing sensitive shipment information


🕵️ Malware Arsenal Analysis

HEADLACE

A sophisticated backdoor that uses malicious shortcuts and credential phishing to establish persistence.

MASEPIE

Python-based malware for remote command execution and file manipulation.

STEELHOOK

PowerShell script designed to steal browser credentials from Chrome and Edge.

Custom NTLM Listener

Specialized tool for capturing and relaying NTLM authentication credentials.


📹 IP Camera Surveillance Operations

One of the most concerning aspects of this campaign is the targeting of IP cameras at border crossings and military installations. The attackers have:

  • Targeted over 10,000 IP cameras primarily in Ukraine and bordering countries
  • Focused 81% of efforts on Ukrainian cameras
  • Used RTSP protocol to access camera feeds
  • Monitored aid shipment movements in real-time


🛡️ Azure Sentinel Detection Rules

Below are custom KQL queries to detect APT28 activities in your environment:

1. Brute Force IP Detection

// Detection for GRU Unit 26165 Brute Force IP Addresses
let BruteForceIPs = dynamic([
    "192.162.174.94", "207.244.71.84", "31.135.199.145", "79.184.25.198", "91.149.253.204",
    "103.97.203.29", "162.210.194.2", "31.42.4.138", "79.185.5.142", "91.149.254.75",
    "209.14.71.127", "46.112.70.252", "83.10.46.174", "91.149.255.122",
    "109.95.151.207", "46.248.185.236", "83.168.66.145", "91.149.255.19",
    "64.176.67.117", "83.168.78.27", "91.149.255.195",
    "64.176.69.196", "83.168.78.31", "91.221.88.76",
    "70.34.242.220", "89.64.70.69", "147.135.209.245"
]);
union SecurityEvent, SigninLogs, CommonSecurityLog, DeviceNetworkEvents
| where TimeGenerated >= ago(30d)
// Each table names its client-address column differently (SecurityEvent: IpAddress,
// SigninLogs: IPAddress, CommonSecurityLog: SourceIP, DeviceNetworkEvents: RemoteIP).
// column_ifexists() keeps the query valid when a column is absent from the union schema,
// and coalesce() picks the first non-empty value.
| extend SrcIP = coalesce(column_ifexists("IpAddress", ""),
                          column_ifexists("IPAddress", ""),
                          column_ifexists("ClientIP", ""),
                          column_ifexists("SourceIP", ""),
                          column_ifexists("RemoteIP", ""))
| where SrcIP in (BruteForceIPs)
| extend ThreatIndicator = "GRU Unit 26165 Brute Force Infrastructure"
| project TimeGenerated, Type, Computer, Account, SrcIP, Activity, ThreatIndicator
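The rule above matches a static IOC list. The Python below is an added example, not code from the advisory or from Microsoft: it reproduces the same matching offline over constructed sample events from differently shaped sources, and adds a second, behaviour-based check (failed-logon bursts per source IP) that keeps working after the listed addresses are rotated. Column names mirror the Sentinel tables in the rule; the sample events, the TEST-NET addresses and the burst threshold are constructed assumptions.

```python
"""Brute-force detection in two layers over constructed sample events.
Added example, not code from the advisory or Microsoft. Column names mirror the
Sentinel tables used in the KQL rule; the events, the addresses outside the IOC
list (TEST-NET ranges) and the burst threshold are all constructed assumptions."""
from collections import defaultdict
from datetime import datetime, timedelta

# Subset of the GRU Unit 26165 brute-force addresses listed in the KQL rule above.
BRUTE_FORCE_IPS = frozenset({
    "192.162.174.94", "207.244.71.84", "31.135.199.145", "79.184.25.198",
    "91.149.253.204", "103.97.203.29", "162.210.194.2", "31.42.4.138",
})

# Each table names its client-address column differently (SigninLogs: IPAddress,
# SecurityEvent: IpAddress, CommonSecurityLog: SourceIP, DeviceNetworkEvents:
# RemoteIP). Normalising first is the equivalent of the union + multi-column where.
IP_FIELDS = ("IpAddress", "IPAddress", "ClientIP", "SourceIP", "RemoteIP")


def source_ip(event):
    """Return the first populated client-address field of an event, or None."""
    for field in IP_FIELDS:
        if event.get(field):
            return event[field]
    return None


def match_iocs(events, iocs=BRUTE_FORCE_IPS):
    """Layer 1: static IOC match, the same logic as the KQL rule."""
    return [dict(event, ThreatIndicator="GRU Unit 26165 Brute Force Infrastructure")
            for event in events if source_ip(event) in iocs]


def is_failed_logon(event):
    """Windows EventID 4625 (SecurityEvent) or a non-zero ResultType (SigninLogs)."""
    if event.get("EventID") == 4625:
        return True
    return "ResultType" in event and str(event["ResultType"]) != "0"


def failed_logon_bursts(events, threshold=5, window_seconds=600):
    """Layer 2: behavioural check. Return {ip: max failures seen inside any sliding
    window of window_seconds} for IPs reaching `threshold`, regardless of IOC lists."""
    window = timedelta(seconds=window_seconds)
    failures = defaultdict(list)
    for event in events:
        ip = source_ip(event)
        if ip and is_failed_logon(event):
            failures[ip].append(datetime.fromisoformat(event["TimeGenerated"]))
    bursts = {}
    for ip, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):       # two-pointer sliding window
            while times[end] - times[start] > window:
                start += 1
            count = end - start + 1
            if count >= threshold:
                bursts[ip] = max(bursts.get(ip, 0), count)
    return bursts


# Constructed sample rows (not real telemetry), one per source shape.
SAMPLE_EVENTS = [
    {"TimeGenerated": "2025-05-21T08:00:00", "UserPrincipalName": "a.lee@example.test",
     "IPAddress": "31.42.4.138", "ResultType": "50126"},        # SigninLogs: IOC hit, failed
    {"TimeGenerated": "2025-05-21T08:01:00", "DeviceName": "ws03",
     "RemoteIP": "103.97.203.29", "RemotePort": 443},            # DeviceNetworkEvents: IOC hit
    {"TimeGenerated": "2025-05-21T08:02:00", "UserPrincipalName": "c.ruiz@example.test",
     "IPAddress": "192.0.2.9", "ResultType": "0"},               # SigninLogs: success, clean IP
] + [
    {"TimeGenerated": f"2025-05-21T09:{minute:02d}:00", "Account": "EXAMPLE\\b.ng",
     "IpAddress": "198.51.100.7", "EventID": 4625}               # SecurityEvent: 6 failures in 8 min
    for minute in (10, 11, 13, 14, 16, 18)
] + [
    {"TimeGenerated": f"2025-05-21T{hour:02d}:00:00", "Account": "EXAMPLE\\d.kim",
     "IpAddress": "203.0.113.5", "EventID": 4625}                # SecurityEvent: 2 failures, hours apart
    for hour in (10, 12)
]

if __name__ == "__main__":
    for hit in match_iocs(SAMPLE_EVENTS):
        print("IOC hit:", source_ip(hit), hit["ThreatIndicator"])
    print("bursts:", failed_logon_bursts(SAMPLE_EVENTS))
```

The burst from 198.51.100.7 is not on the IOC list, so layer 1 misses it and layer 2 catches it; the single failure from a listed address is the opposite case. Running both over the same normalised events is the point of the exercise.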


2. Malicious Email Detection (CVE-2023-23397)

// Detection for CVE-2023-23397 Exploitation IOCs
let MaliciousEmails = dynamic([
    "md-shoeb@alfathdoor.com.sa", "jayam@wizzsolutions.com", "accounts@regencyservice.in",
    "m.salim@tsc-me.com", "vikram.anand@4ginfosource.com", "mdelafuente@ukwwfze.com",
    "sarah@cosmicgold469.co.za", "franch1.lanka@bplanka.com", "commerical@vanadrink.com",
    "maint@goldenloaduae.com", "karina@bhpcapital.com", "tv@coastalareabank.com",
    "ashoke.kumar@hbclife.in"
]);
EmailEvents
| where TimeGenerated >= ago(30d)
| where SenderFromAddress in (MaliciousEmails) or 
        SenderMailFromAddress in (MaliciousEmails) or
        RecipientEmailAddress in (MaliciousEmails)
| extend ThreatIndicator = "CVE-2023-23397 Exploitation Attempt"
| project TimeGenerated, SenderFromAddress, SenderMailFromAddress, RecipientEmailAddress, Subject, AttachmentCount, ThreatIndicator


3. Suspicious Archive Detection (CVE-2023-38831)

// Detection for Malicious Archive Filenames (CVE-2023-38831)
let MaliciousArchives = dynamic([
    "calc.war.zip", "news_week_6.zip", "Roadmap.zip", 
    "SEDE-PV-2023-10-09-1_EN.zip", "war.zip", "Zeyilname.zip"
]);
DeviceFileEvents
| where TimeGenerated >= ago(30d)
| where FileName in (MaliciousArchives) or 
        FolderPath contains "calc.war.zip" or
        FolderPath contains "news_week_6.zip" or
        FolderPath contains "war.zip"
| extend ThreatIndicator = "CVE-2023-38831 Malicious Archive"
| project TimeGenerated, DeviceName, FileName, FolderPath, InitiatingProcessAccountName, ThreatIndicator


4. Suspicious Command Line Detection

// Detection for Suspicious Command Lines Used by APT28
DeviceProcessEvents
| where TimeGenerated >= ago(30d)
| where ProcessCommandLine contains "ntdsutil.exe \"activate instance ntds\" ifm \"create full C:\\temp\\" or
        ProcessCommandLine contains "edge.exe \"-headless-new -disable-gpu\"" or
        ProcessCommandLine contains "ssh -Nf" or
        ProcessCommandLine contains "schtasks /create /xml"
| extend ThreatIndicator = "APT28 Suspicious Command Line"
| project TimeGenerated, DeviceName, ProcessCommandLine, InitiatingProcessAccountName, FileName, ThreatIndicator


🩠 Malware-Specific Detection Rules

HEADLACE Malware Detection

// HEADLACE Malware Detection
DeviceFileEvents
| where TimeGenerated >= ago(30d)
| where FileName endswith ".lnk"
| join kind=inner (
    DeviceProcessEvents
    // The right side of a join needs its own time filter, otherwise the whole table is scanned
    | where TimeGenerated >= ago(30d)
    | where ProcessCommandLine contains "msedge.exe" and ProcessCommandLine contains "--headless=new"
    | where ProcessCommandLine contains "--disable-gpu"
) on DeviceId
| extend ThreatIndicator = "HEADLACE Malware Activity"
| project TimeGenerated, DeviceName, FileName, FolderPath, ProcessCommandLine, ThreatIndicator

// HEADLACE Credential Phishing Detection
DeviceProcessEvents
| where TimeGenerated >= ago(30d)
| where ProcessCommandLine contains "Get-Credential" and 
        ProcessCommandLine contains "whoami" and
        ProcessCommandLine contains "while($true)"
| extend ThreatIndicator = "HEADLACE Credential Phishing"
| project TimeGenerated, DeviceName, ProcessCommandLine, InitiatingProcessAccountName, ThreatIndicator


MASEPIE Python Script Detection

// MASEPIE Python Script Detection
DeviceFileEvents
| where TimeGenerated >= ago(30d)
| where FileName endswith ".py"
| join kind=inner (
    DeviceProcessEvents
    // The right side of a join needs its own time filter, otherwise the whole table is scanned
    | where TimeGenerated >= ago(30d)
    | where ProcessCommandLine contains "os.popen('whoami').read()" or
            ProcessCommandLine contains "elif message == 'check'" or
            ProcessCommandLine contains "elif message == 'send_file':" or
            ProcessCommandLine contains "Bad command!'.encode('ascii'"
) on DeviceId
| extend ThreatIndicator = "MASEPIE Malware"
| project TimeGenerated, DeviceName, FileName, FolderPath, ProcessCommandLine, ThreatIndicator


STEELHOOK Browser Credential Theft

// STEELHOOK PowerShell Script Detection
DeviceProcessEvents
| where TimeGenerated >= ago(30d)
| where ProcessCommandLine contains "LOCALAPPDATA\\Google\\Chrome\\User Data\\Local State" and
        ProcessCommandLine contains "LOCALAPPDATA\\Microsoft\\Edge\\User Data\\Local State" and
        (ProcessCommandLine contains "os_crypt.encrypted_key" or
         ProcessCommandLine contains "System.Security.Cryptography.DataProtectionScope")
| extend ThreatIndicator = "STEELHOOK Browser Credential Theft"
| project TimeGenerated, DeviceName, ProcessCommandLine, InitiatingProcessAccountName, ThreatIndicator


PSEXEC Lateral Movement Detection

// PSEXEC Usage Detection
DeviceProcessEvents
| where TimeGenerated >= ago(30d)
| where FileName =~ "psexec.exe" or
        FileName =~ "psexec64.exe" or
        ProcessCommandLine contains "PSEXESVC" or
        ProcessCommandLine contains "/accepteula" or
        // "contains" is a literal substring test, so a regex written as a string literal never matches;
        // use "matches regex" with a verbatim @"" string (and $ escaped) to catch any \\<host>\ADMIN$ reference
        ProcessCommandLine matches regex @"\\\\[^\\]+\\ADMIN\$"
| extend ThreatIndicator = "PSEXEC Lateral Movement"
| project TimeGenerated, DeviceName, FileName, ProcessCommandLine, InitiatingProcessAccountName, ThreatIndicator


Custom NTLM Listener Detection

// NTLM Listener Detection
DeviceProcessEvents
| where TimeGenerated >= ago(30d)
| where ProcessCommandLine contains "New-Object System.Net.HttpListener" and
        ProcessCommandLine contains "Prefixes.Add('http://localhost:8080/')" and
        ProcessCommandLine contains "Authorization"
| extend ThreatIndicator = "APT28 Custom NTLM Listener"
| project TimeGenerated, DeviceName, ProcessCommandLine, InitiatingProcessAccountName, ThreatIndicator


📚 TTP Glossary: Understanding the Attack Techniques

🚪 Initial Access Techniques

  • T1199 - Trusted Relationship: Exploiting business partnerships to gain access to additional targets
  • T1566 - Phishing: Sending deceptive emails to steal credentials or deliver malware
  • T1133 - External Remote Services: Compromising VPNs and external-facing services
  • T1190 - Exploit Public-Facing Application: Using known vulnerabilities in public services

⚡ Execution Techniques

  • T1204.001 - User Execution: Malicious Link: Tricking users into clicking dangerous shortcuts
  • T1204.002 - User Execution: Malicious File: Getting users to run malicious executables
  • T1059 - Command and Scripting Interpreter: Using system tools like PowerShell and Python

🔒 Persistence Techniques

  • T1098.002 - Account Manipulation: Modifying email permissions for continued access
  • T1556.006 - Modify Authentication Process: Enrolling compromised accounts in MFA
  • T1547.001 - Registry Run Keys: Using Windows registry for automatic startup
  • T1053.005 - Scheduled Task: Creating system tasks for persistence

🛡️ Defense Evasion

  • T1070.001 - Indicator Removal: Deleting Windows logs to hide activity
  • T1574.001 - DLL Search Order Hijacking: Exploiting Windows DLL loading

🔑 Credential Access

  • T1110.001 - Brute Force: Password Guessing: Systematic password attacks
  • T1110.003 - Brute Force: Password Spraying: Using common passwords across accounts
  • T1187 - Forced Authentication: Exploiting Outlook vulnerability to capture credentials
  • T1003.003 - OS Credential Dumping: Extracting password databases


🚹 Immediate Action Items for Organizations

Critical Patches Required

  • CVE-2023-23397: Outlook NTLM vulnerability
  • CVE-2023-38831: WinRAR vulnerability
  • CVE-2021-44026, CVE-2020-35730, CVE-2020-12641: Roundcube vulnerabilities


🛡️ Enhanced Security Measures

  1. Implement Zero Trust Architecture
    • Network segmentation
    • Device-based access controls
    • Continuous authentication verification
  2. Deploy Advanced Detection
    • EDR solutions on all critical systems
    • SIEM integration with threat intelligence
    • Custom detection rules (provided above)
  3. Strengthen Authentication
    • Multi-factor authentication with hardware tokens
    • Disable NTLM authentication where possible
    • Regular credential rotation
  4. IP Camera Security
    • Change default credentials
    • Disable unnecessary network features (UPnP, P2P)
    • Implement network segmentation
    • Regular firmware updates


🌐 Global Implications

This campaign represents more than just another cyberattack—it's a strategic intelligence operation with potential physical world consequences. The targeting of logistics infrastructure supporting Ukraine aid demonstrates how cyber operations are being used to support kinetic military objectives.

Key concerns include:

  • Supply chain disruption capabilities
  • Intelligence gathering on Western aid shipments
  • Potential for escalation to destructive attacks
  • Precedent for targeting civilian logistics infrastructure


🔼 Looking Forward

Organizations in the logistics, transportation, and critical infrastructure sectors must treat this as a national security imperative. The sophistication and persistence of this campaign suggest that APT28 will continue evolving their tactics.

Recommended next steps:

  • Implement the detection rules provided in this analysis
  • Conduct threat hunting exercises using the IOCs
  • Review and update incident response procedures
  • Engage with industry information sharing organizations
  • Consider cyber insurance coverage evaluation

💡 Stay Informed

This threat landscape is rapidly evolving. For the latest updates on APT28 activities and additional detection rules, follow the joint advisories from international cybersecurity agencies and implement continuous threat intelligence monitoring.


This analysis is based on the joint cybersecurity advisory released by multiple international intelligence agencies in May 2025. Organizations should validate these indicators in their own environments and adapt detection rules to their specific infrastructure.

Tags: #CyberSecurity #APT28 #ThreatIntelligence #AzureSentinel #KQL #RussianHackers #LogisticsSecurity #CriticalInfrastructure

Operation Global Blackout

Operation Global Blackout, planned for March 31, is apparently a protest against “SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs”.

So how serious are these threats?


Well, for a start, it’s worth pointing out that the date of the take-down could be an indication of an April Fools joke – albeit one day early. And then there are the suggestions that whoever published the announcement does not really represent Anonymous. Instead, they appear just to be using Anonymous' name and reputation to give their anti-SOPA campaign some publicity.

But even if the plans of “Anonymous” don’t come to fruition, would their take-down methods actually work? Is it possible to shut down the internet?

At the top of the DNS hierarchy are the 13 root servers that Anonymous is apparently going to target. The idea is that if you take down all 13 root DNS servers, domain name resolution for the internet would eventually fail. Of course, we shouldn't discount Anonymous' ability to marshal many botnets for an attack, but for this particular attack to succeed an enormous number of bots would be needed, not least because each of the 13 root server addresses is served by many anycast instances spread around the world.

Finally, even if the root servers could be brought down, most ISP resolvers cache what they learn from the root servers for substantial amounts of time. For Anonymous to "take down" the internet, they would need to sustain the attack. Only after the cached entries had timed out would users start to notice; that would likely take hours or days, far longer than the minutes claimed by Anonymous.
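A toy model of that caching behaviour, as an added example that is not part of the original post: a resolver keeps the TLD delegations it learned from the roots until their TTL expires, so a root outage surfaces only gradually, name by name, and immediately only for TLDs that were never cached. The 172800-second TTL is the value the root zone publishes for TLD delegations; the names, clock and probe schedule are constructed.

```python
"""Toy caching resolver showing why a root-server outage surfaces only as cached
delegations expire. Added example; not code from the original post. The TTL is
the one the root zone publishes for TLD delegations (172800 s, two days); the
names, the clock and the probe schedule are constructed."""

TLD_DELEGATION_TTL = 172_800   # seconds: TTL of TLD NS records served by the roots


class CachingResolver:
    """Caches only the TLD delegation learned from the roots, which is the one
    piece of a lookup that depends on the root servers being reachable."""

    def __init__(self):
        self.cache = {}              # tld -> absolute expiry time (seconds)
        self.roots_reachable = True

    def resolve(self, name, now):
        """Return how the TLD delegation was obtained: 'cache', 'root' or 'fail'.
        TLD and authoritative servers are assumed reachable; only the roots are attacked."""
        tld = name.rstrip(".").rsplit(".", 1)[-1].lower()
        if self.cache.get(tld, -1) > now:
            return "cache"
        if self.roots_reachable:
            self.cache[tld] = now + TLD_DELEGATION_TTL
            return "root"
        return "fail"


def hours_until_first_failure(attack_start=600, probe_interval=3600, horizon=7 * 86400,
                              names=("example.com", "example.org", "example.net")):
    """Warm the cache with normal traffic, start the attack at `attack_start`, then
    probe every `probe_interval` seconds. Return the hour at which a lookup first
    fails, or None if nothing fails before `horizon`."""
    resolver = CachingResolver()
    for name in names:
        resolver.resolve(name, 0)
    for now in range(0, horizon, probe_interval):
        resolver.roots_reachable = now < attack_start
        if any(resolver.resolve(name, now) == "fail" for name in names):
            return now / 3600
    return None


def during_attack(cached_name="example.com", fresh_name="example.xyz", t=60):
    """Contrast a name under a cached TLD with one under a TLD never seen before."""
    resolver = CachingResolver()
    resolver.resolve(cached_name, 0)
    resolver.roots_reachable = False
    return resolver.resolve(cached_name, t), resolver.resolve(fresh_name, t)


if __name__ == "__main__":
    print("first failure after", hours_until_first_failure(), "hours")   # 48.0
    print("cached vs. uncached TLD during attack:", during_attack())      # ('cache', 'fail')
```

Real resolvers cache far more than the TLD delegation (the TLD servers' addresses, the zone's own NS and A records), and every busy resolver on the internet has its own copy, which is why the delay is measured in days rather than the minutes the announcement claimed.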

So, all things considered, it’s very unlikely a DDoS attack on the internet’s root DNS servers would succeed. But that’s not to say there aren’t other weaknesses that could be exploited to shut the internet down.

Regardless, if the internet is ever brought down, I suspect it will be through something more sophisticated and more arcane than a DDoS of the net’s DNS root servers.

Microsoft's L33t and Lame Moves in 2011

Microsoft has always created a buzz in the technology world. Some of its decisions were regarded as the best, while others drew a wide range of criticism from the tech-savvy. Listed below are some of the good and bad moves Microsoft made in 2011.

L33t moves:

Breaking the tradition with Windows 8

Compatibility of old software with a new OS has always been both a big advantage and a big disadvantage of Windows. The need to support that vast body of software has been an obstacle to Windows refining itself. But with Windows 8, Microsoft is going radical, with a whole new set of applications written for the new UI. The new apps promise to be less expensive. With its new OS built with tablets in mind more than PCs, Microsoft is moving closer to the future of cloud computing.

Vast market with the Skype acquisition

For $8.5 billion, Microsoft bought not only Skype but also its broad base of customers eager to chat and video conference across PCs and smartphones. Microsoft also gained 50 patents with Skype, which will help in its battle with the Android market. Microsoft promised to continue supporting Skype on all devices. Before closing the deal with Microsoft, Skype addressed its biggest complaint by adding video support for a wide range of Android devices.

Acknowledging HTML5

2011 witnessed Microsoft's changing stance towards HTML5. It started supporting HTML5 in Windows 8 and IE 10, which made developers more than happy. Microsoft also released an HTML5 app for Bing that extends its search functions to Android and iPhone. Microsoft's older Silverlight is now relabelled as a tool for enterprise web development.

Spam Control

Microsoft went a step further in fighting spam by petitioning the US courts to order VeriSign to shut down 21 internet domains associated with botnets. Microsoft had already been successful in its previous efforts against the Rustock and Kelihos botnets.

Popularizing Kinect

Microsoft encouraged Kinect applications in 2011 by releasing an SDK for non-commercial use and by designing a program to help 10 developers or startups launch businesses around products for Kinect, the controller that senses motion and voice. Kinect has won Microsoft a whole new generation of gamers.


Lame moves:

Android war

Microsoft's secret plan to collect all available Android-related patents, and thereby force Android device makers to pay large fees, was exposed by its legal battle with Barnes & Noble. At least some of Microsoft's patent licences involving Android were broad cross-licensing agreements with hardware partners (such as Samsung). B&N really blew the lid off what Microsoft is doing and how it is extracting money from Android.

Windows Clouds

Microsoft's cloud applications, which are promised to run smoothly on any device and any OS, keep failing to do so. Whether it is the new browser or the OS, Microsoft takes a long time to recognise non-Windows platforms. For example, Intune, Microsoft's managed software distribution and security monitoring service, is said to let users work on every platform. But it currently supports only the Windows platform, and not even Windows Phone 7.

Anticipated Tablets

Microsoft is waiting for the launch of Windows 8 to widen its work on tablets. But the world is not waiting for that launch; the tablet market is growing aggressively. Even though Microsoft introduced touch support in Windows 7, it is still nowhere in the tablet market. Forrester, an analyst firm, has already predicted that by the time Windows 8 arrives, Microsoft will have surrendered the market to others in terms of features, price and performance.

Control Open Source Programming with Windows 8

Microsoft created a controversy when it required hardware makers to implement the next-generation boot specification, the Unified Extensible Firmware Interface (UEFI), with its secure mode enabled. In that mode the firmware refuses to load operating systems and drivers that are not signed with a trusted key. Firmware usually comes with a switch to turn secure mode off, but Microsoft wanted hardware makers to remove that switch, which would prevent open source developers and users from installing other operating systems such as Linux.

Problems with Office 365

In 2011 Microsoft launched Office 365, the upgraded version of its Business Productivity Online Standard Suite (BPOS), to compete with the wide adoption of Google Apps. But the product rolled out without a complete feature set. Testers consistently complained about limitations in importing contacts, and Office 365 does not match some of the main features of its rivals, such as simultaneous co-editing of word processing documents.

Sony, Are You Listening?

14-Year-Old Hacker Scoops Job At Microsoft After Being Caught Phishing Via Call of Duty Server.

An interesting little tidbit coming out of Microsoft today, with news that the Redmond outfit has offered a job to a young Irish boy who came to its attention through a Call of Duty: Modern Warfare 2 phishing scam.

The 14-year-old, who has not been named, has been given the opportunity by Microsoft to turn his back on more nefarious uses of his talent.


Microsoft is reported to be working with the 14-year-old Irish hacker who stirred up a little trouble with his Call of Duty: Modern Warfare 2 phishing scam. According to the managing director of Microsoft Ireland, the company is helping the hacker "develop his talent for legitimate purposes."

This move has obviously led many to wonder why Sony didn't take a similar stance in the infamous George Hotz affair. This is exactly what Sony should have done with George Hotz: given him a job as a security specialist instead of suing him in court and having its PlayStation Network and other Sony websites hacked day in and day out.

For those not up to speed on the matter, Hotz was taken to court by Sony over his PlayStation 3 hacking exploits. After much media speculation and legal wrangling, the pair finally settled out of court, but could it all have been avoided? Even at the time many suggested Sony should have taken George Hotz onboard to use his undoubted talent instead of taking him to task. Perhaps they could have avoided the PSN hacking debacle?

Congrats to that young hacker, whose name was not disclosed. While the new prospect for the Dublin kid is not meant to be an example for other hackers to follow, companies do have to realize that there are many talented people among hackers. Why make an enemy when you can have them on your side?

Red Dragon's Cyberarmy

Chinese government officials have acknowledged the existence of a military unit dedicated to cyber warfare activity, according to intelligence sources. Chinese Defense Ministry spokesman Geng Yansheng said that the unit, called the "cyber blue team", is designed to "better safeguard the internet security of the armed forces".


Geng stated that the unit was organised in response to international threats to Internet security, and that China is still relatively weak with regard to cyber security and its ability to defend against cyberterrorism. Intelligence analyst Glenmore Trenear-Harvey says many in the intelligence field believe China has had a cyber offensive unit active for at least the last five years.


"They [China] may have acknowledged that they have set up this unit but they have been doing it for a long time, and they have been enormously successful in their attacks," Trenear-Harvey said.


China has recruited thousands of hackers for a cyber force tasked with infiltrating a multitude of computers to establish a large botnet, which can be used to conduct denial of service (DoS) campaigns that disrupt targeted websites, as well as cyber espionage to pilfer sensitive information. "It is one of the greatest threats we have... But do remember that - the US and UK - are doing this in reverse and are very successful. It's an incredibly potent weapon which will certainly be utilized," Trenear-Harvey said.


According to a recent article by Joshua Philipp and Matthew Robertson, the Chinese have long seen a tactical cyber offensive capability as being a potentially powerful equalizer in their quest to attain superpower status and undermine the effectiveness of international political rivals.


The Chinese strategy extends well beyond potential military targets, posing a significant threat to the core industries and critical infrastructure systems a nation relies upon to sustain a healthy military presence. Attacks on private sector assets are seen as a central aspect of a successful Chinese cyber aggression strategy by eroding the industrial and technological superiority of an adversary over time.


Chinese hackers are not merely tasked with infiltrating established Western economies; they are also conducting extensive operations in emerging economies (India, Brazil, etc.) and extending their presence in regions fraught with political conflict and economic turmoil.


While numerous nations are involved in varying levels of cyber aggression, what makes the Chinese threat so much more palpable is the systemic nature and comparatively large scale of the state-sponsored cyber-offensive operations, as evidenced by attacks like Operation Aurora, Ghostnet, and most recently Night Dragon.

WebApp $ecurity expenditure.

Companies Spend More on Coffee Than Web App Security
A recent report by the Ponemon Institute, Cenzic and Barracuda Networks has produced a startling statistic: eighty-eight percent of companies surveyed indicate they spend more on coffee than on securing Web applications.

In spite of this staggering revelation, seventy-four percent of the organizations surveyed still ranked Web application security as being equal to or more important than other security priorities. Clearly, organizations are struggling with Web application security issues.

"While it is encouraging to see that Web application security is on the minds of most organizations, there still seems to be a real disconnect between the desire and implementation of security countermeasures required for Web application security."

Other findings from the survey include:
  • 66 percent test less than 25 percent of their applications for vulnerabilities
  • 62 percent cited data protection as the impetus for Web app security
  • 51 percent cited compliance as the top reason for securing Web apps
  • 51 percent listed compliance as a key driver for Web application security
  • 41 percent reported having 100 or more Web applications
"The fact that 69 percent of respondents are relying upon network firewalls to secure Web applications is like relying upon a cardboard shield for protection in a sword fight – eventually your shield will prove that it's insufficient and an attack will reach you that can fly past a network firewall," Judge stated. With cloud computing becoming more popular every day, Web application security is going to be a big challenge for service providers.

Reference: net-security

Office 365

"BPOS seems history, welcome Office 365"

The recent hype about Office 365 drew my attention, so I thought of digging up some information about the service. First, one must ask: what is Office 365?

Well, the answer is pretty straightforward and simple. It is a subscription service that combines the familiar Microsoft Office Web Apps with a set of web-enabled tools that are easy to learn and use, that work with your existing hardware, and that come backed by the robust security, reliability, and control you need to run your business.

Why Office 365?

Because of the unique selling proposition of Office 365.

Powered by Microsoft Exchange Online

Office 365 gives you access to email, calendar, and contacts from virtually anywhere, at any time, on desktops, laptops, and mobile devices*—while it helps to protect against viruses and spam.

Work from virtually anywhere
Work from almost anywhere and get automatically updated email, calendar, and contacts on the devices you use most, including PCs, Macintosh computers, iPhone, Android phones, BlackBerry smartphones**, Windows Mobile, and Windows Phones*.

Easy-to-manage email

Get professional, easy-to-manage email. Office 365 provides each user with a 25-gigabyte (GB) mailbox and lets them send email messages of up to 25 megabytes (MB). Connect with Microsoft Outlook 2010 or Outlook 2007 and use all of the rich Outlook functionality you already know, whether you are connected to the Internet at home or in the office or you are working offline.


Simplify scheduling
Easily schedule meetings by sharing calendars and viewing them side by side, so users can see their colleagues' availability and suggested meeting times from their own calendar. Access email, calendar, and contacts from nearly any web browser while keeping the rich, familiar Outlook experience with Microsoft Outlook Web App.

Business-class security

Help protect your organization from spam and viruses with Microsoft Forefront Online Protection for Exchange, which includes multiple filters and virus-scanning engines.

Highly competitive pricing structure
Microsoft plans to offer Office 365 to businesses with fewer than 25 employees for $6 per user per month; larger companies will pay between $2 and $27 per user per month. Remember, money always matters.

Earlier, in 2009, Microsoft launched SharePoint, Exchange and Lync as online services under the name Business Productivity Online Suite, or BPOS. Customers currently send and receive 167 billion messages every day through its cloud services (ref: Kurt DelBene, president of Microsoft's Office Division).

Now Office 365 is a new cloud-based version of a suite of productivity tools that combines SharePoint, Exchange, Lync (formerly Communications Server), the Office Web Apps and the Office Professional Plus desktop client. Dubbed Office 365, the suite goes into beta today (sign up here).
BPOS seems history; welcome, Office 365.
Chris Capossela, senior vice president of Microsoft's Office Division, said Microsoft has created what it feels is a highly competitive pricing structure, because it really wants to capture the small business market. Microsoft is including single sign-on access to all of these services, Capossela said. Enterprises also have the option to get Microsoft Office Professional Plus desktop software on a pay-as-you-go basis. Microsoft is opening a limited Office 365 beta program in seven languages and thirteen countries around the world.
I hope Office 365 retains the familiar client experience that everyone knows and loves, with a rich back end.