
Microsoft identified threat actor activity with overlapping tradecraft commonly associated with ShinyHunters, including voice phishing (vishing), supply-chain compromise, and misconfigured guest access targeting SaaS-based applications. msft.it/6016v0QtG
Across intrusion paths, threat actors abused trusted OAuth relationships to gain unauthorized access, maintain persistence, and exfiltrate data at scale. By inheriting user and application privileges, threat actors were able to access customer data while evading traditional authentication-focused detections.
Microsoft consulted with Salesforce to improve granularity in telemetry for Microsoft Defender for Cloud Apps with near-real-time detection, connected application attribution, and expanded application permission insights. Read the latest blog from the Microsoft Defender Research Team to learn how security teams can defend against SaaS-based attack paths.
English
