Microsoft Exchange Hack

By   ISBuzz Team
Writer , Information Security Buzz | Sep 23, 2022 05:14 am PST

Microsoft says a threat actor gained access to cloud tenants hosting Microsoft Exchange servers in credential stuffing attacks, with the end goal of deploying malicious OAuth applications and sending phishing emails. The attacker then used this inbound connector and transport rules designed to help evade detection to deliver phishing emails through the compromised Exchange servers.