2022-02-01

New Device Registration Tactic

Industry: N/A | Level: Tactical | Source: Microsoft

Research from Microsoft identified threat activity in which attackers take advantage of user accounts that have no device registered for MFA. The attackers then use those accounts to register their own devices in the target organization's Azure Active Directory. The activity occurs in two waves. The first is a phishing campaign that aims to steal credentials and add an Outlook rule; the rule follows a consistent pattern, with over one hundred mailboxes identified as having the specific rule entry. The second wave uses the stolen credentials to gain access and expand the attackers' foothold in the target's environment. Targeted organizations were located mostly in Australia, Singapore, Indonesia, and Thailand.

Anvilogic Use Cases:
  • O365 Inbox Rules
  • Add user to Azure AD Group or Role
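
The two waves described above can be hunted as a sequence: an inbox rule created on an account with no MFA, followed by a device registration for the same account. The sketch below is an added example, not Microsoft's or Anvilogic's detection logic; the record layout, the operation strings, the MFA inventory and the 14-day window are assumptions made for illustration.

```python
from datetime import datetime, timedelta

# Constructed, simplified audit records. Field names and operation values are
# assumptions for this example, not a real export schema.
SAMPLE_EVENTS = [
    {"time": "2022-01-10T08:02:00", "user": "alice@example.com", "op": "New-InboxRule"},
    {"time": "2022-01-12T21:40:00", "user": "alice@example.com", "op": "Register device"},
    {"time": "2022-01-11T09:15:00", "user": "bob@example.com", "op": "New-InboxRule"},
    {"time": "2022-01-03T10:00:00", "user": "carol@example.com", "op": "Register device"},
    {"time": "2022-01-20T10:00:00", "user": "carol@example.com", "op": "New-InboxRule"},
    {"time": "2022-01-05T07:30:00", "user": "dave@example.com", "op": "New-InboxRule"},
    {"time": "2022-01-06T07:45:00", "user": "dave@example.com", "op": "Register device"},
]
# Constructed inventory: accounts that already have an MFA method registered.
MFA_REGISTERED = {"dave@example.com"}

RULE_OP = "New-InboxRule"      # assumed label for wave one (inbox rule added)
DEVICE_OP = "Register device"  # assumed label for wave two (device registered)


def correlate(events, mfa_registered, window=timedelta(days=14)):
    """Return (user, rule_time, device_time) for each device registration that
    follows an inbox-rule creation on the same non-MFA account within window."""
    by_user = {}
    for ev in sorted(events, key=lambda e: e["time"]):
        by_user.setdefault(ev["user"].lower(), []).append(
            (datetime.fromisoformat(ev["time"]), ev["op"]))
    findings = []
    for user, seq in by_user.items():
        if user in mfa_registered:
            continue  # the tactic in the brief relies on accounts without MFA
        rule_times = [t for t, op in seq if op == RULE_OP]
        for t_dev, op in seq:
            if op != DEVICE_OP:
                continue
            # Rule creations that precede this registration inside the window.
            prior = [t for t in rule_times if t <= t_dev and t_dev - t <= window]
            if prior:
                findings.append((user, max(prior), t_dev))
    return findings


if __name__ == "__main__":
    for user, t_rule, t_dev in correlate(SAMPLE_EVENTS, MFA_REGISTERED):
        print(f"{user}: inbox rule {t_rule} -> device registered {t_dev}")
```

A registration that precedes the rule (carol) or a rule with no later registration (bob) is not reported, which keeps the output focused on the ordering the brief describes.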
