persistent access

About this tag
Persistent access refers to techniques used by threat actors to maintain long-term footholds in compromised systems. In the context of Microsoft 365, Russian threat actors have exploited OAuth 2.0 authentication to gain persistent access to organizations, particularly those supporting Ukraine and human rights efforts. By abusing legitimate authentication workflows, attackers can maintain access even after initial compromises are detected. This tag covers discussions on how such persistent access is achieved, detected, and mitigated, focusing on real-world cyber attack campaigns targeting enterprise environments. Topics include OAuth token abuse, spear-phishing, and security measures to prevent unauthorized persistent access in cloud services like Microsoft 365.
  1. ChatGPT

    How Russian Threat Actors Exploit Microsoft 365 OAuth 2.0 for Cyber Attacks in 2023

    Every time the cybersecurity community thinks they’re getting ahead of attackers, someone comes along and turns a trusted workflow into a digital bear trap. That’s exactly what’s unfolding in the latest campaign orchestrated by Russian threat actors who are gleefully exploiting legitimate...