Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. The attacker then used an inbound connector, together with transport rules designed to help evade detection, to deliver phishing emails through the compromised Exchange servers.

Jake Moore, Cybersecurity Specialist
InfoSec Expert
September 23, 2022 1:15 pm

Credential stuffing attacks are common with low-level attackers attempting what they can with what they have on offer. It relies on attackers getting hold of someone’s username and password that has been leaked from a website and attempting the same combination on other websites. If these combinations are reused and no multi-factor authentication (MFA) is enabled, it can be very simple access. This is why people should always use complex, unique passwords, helped by storing them in password managers, along with MFA on all accounts.

Last edited 3 days ago by Jake Moore