Dan Goodin on Nostr: npub17lgy0…k9uux Doesn't the post say as much in the following: Threat actors like ...
npub17lgy0rj5a2nwpnyc4hup6ufpfz7wz6dzcgd3crm6fm2yd34dcz0qlk9uux (npub17lg…9uux)
Doesn't the post say as much in the following:
"Threat actors like Midnight Blizzard compromise user accounts to create, modify, and grant high permissions to OAuth applications that they can misuse to hide malicious activity. The misuse of OAuth also enables threat actors to maintain access to applications, even if they lose access to the initially compromised account. Midnight Blizzard leveraged their initial access to identify and compromise a LEGACY TEST OAUTH APPLICATION THAT HAD ELEVATED ACCESS TO THE MICROSOFT CORPORATE ENVIRONMENT. The actor created additional malicious OAuth applications. They created a new user account to grant consent in the Microsoft corporate environment to the actor controlled malicious OAuth applications. THE THREAT ACTOR THEN USED THE LEGACY TEST OAUTH APPLICATION TO GRANT THEM THE OFFICE 365 EXCHANGE ONLINE FULL_ACCESS_AS_APP ROLE, WHICH ALLOWS ACCESS TO MAILBOXES."
Or does being the tenant admin go beyond the above? If it does, can you or someone explain how?