SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes

  /     /     /  
Publicated : 23/11/2024   Category : security


SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes


Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.



Mandiant security researchers have observed UNC2452, the group theyre tracking in association with the SolarWinds attacks, using a new tactic targeting Microsoft 365 mailboxes. 
Mandiant began tracking UNC2452
in December 2020 when it discovered the global cyberattack that infected SolarWinds Orion software updates to infect some 18,000 organizations around the world. In some, but not all, of the intrusions they observed, researchers noticed attackers were using on-premise network access to enter a victims Microsoft 365 environment unauthorized.
This week, the research team reported attackers, in some instances, are modifying the mailbox folder permissions of individual Microsoft 365 mailboxes to maintain persistent access to the target users emails.
This stealthy technique is not usually monitored by defenders and provides threat actors a way to access the desired email messages using any compromised credentials, Mandiant researchers wrote in an updated blog post.
They have also updated their Azure AD Investigator tool, as well as their whitepaper on UNC2452, to include this new technique.
Read more details
here
and the full whitepaper with remediation strategies
here
.

Last News

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security

▸ Debunking Machine Learning in Security. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes