SolarWinds-Linked Attackers Target Microsoft 365 Mailboxes
Researchers observe attackers altering mailbox folders to assign read-only permissions to any authenticated user on a target machine.
March 19, 2021
Mandiant security researchers have observed UNC2452, the group they're tracking in association with the SolarWinds attacks, using a new tactic targeting Microsoft 365 mailboxes.
Mandiant began tracking UNC2452 in December 2020, when it discovered the global cyberattack that compromised SolarWinds Orion software updates to infect some 18,000 organizations around the world. In some, but not all, of the intrusions they observed, researchers noticed attackers were using on-premises network access to gain unauthorized entry into a victim's Microsoft 365 environment.
This week, the research team reported attackers, in some instances, are modifying the mailbox folder permissions of individual Microsoft 365 mailboxes to maintain persistent access to the target users' emails.
"This stealthy technique is not usually monitored by defenders and provides threat actors a way to access the desired email messages using any compromised credentials," Mandiant researchers wrote in an updated blog post.
They have also updated their Azure AD Investigator tool, as well as their whitepaper on UNC2452, to include this new technique.
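For defenders who want to look for the folder-permission change described above, the following read-only audit is an added example; it is not taken from Mandiant's post or its Azure AD Investigator tool. It assumes an existing Exchange Online PowerShell session (`Connect-ExchangeOnline`) and that "any authenticated user" corresponds to Exchange's built-in `Default` principal; the function names, the benign-rights baseline and the output file name are hypothetical.

```powershell
# Added example: list mailbox folders where a broad principal holds more than
# baseline rights. Read-only; requires the ExchangeOnlineManagement module.

# Assumption: "any authenticated user" maps to the built-in Default principal.
# Anonymous is checked too, since it is equally broad.
$BroadPrincipals = 'Default', 'Anonymous'
# Assumption: rights treated as normal baseline. The calendar free/busy rights
# are included because Default commonly holds them on Calendar folders.
$BenignRights = 'None', 'AvailabilityOnly', 'LimitedDetails'

function Test-BroadFolderAccess {
    param([string]$User, [string[]]$AccessRights)
    if ($BroadPrincipals -notcontains $User) { return $false }
    # Any right outside the baseline (e.g. Reviewer, the read-only role) is a finding
    return [bool]($AccessRights | Where-Object { $BenignRights -notcontains $_ })
}

function Get-BroadFolderPermission {
    param([Parameter(Mandatory)][string]$Mailbox)
    foreach ($folder in Get-MailboxFolderStatistics -Identity $Mailbox) {
        # Address the folder by ID so localized or nested folder names do not matter
        $id = "${Mailbox}:$($folder.FolderId)"
        # Some system folders do not accept permission queries; skip those errors
        $entries = Get-MailboxFolderPermission -Identity $id -ErrorAction SilentlyContinue
        foreach ($entry in $entries) {
            $rights = @($entry.AccessRights | ForEach-Object { "$_" })
            if (Test-BroadFolderAccess -User "$($entry.User)" -AccessRights $rights) {
                [pscustomobject]@{
                    Mailbox      = $Mailbox
                    Folder       = $folder.FolderPath
                    Principal    = "$($entry.User)"
                    AccessRights = $rights -join ','
                }
            }
        }
    }
}

# Sweep every mailbox and save the findings for review (file name is a placeholder)
Get-EXOMailbox -ResultSize Unlimited |
    ForEach-Object { Get-BroadFolderPermission -Mailbox $_.PrimarySmtpAddress } |
    Export-Csv -Path .\broad-folder-permissions.csv -NoTypeInformation
```

Findings are leads to review rather than confirmed compromise, since some organizations grant `Default` access to shared folders on purpose.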