While helping a "large multi-national" customer deal with a state-sponsored attack group which had been stealing data and email for about eight months, Microsoft’s incident response team uncovered five other threat actors operating simultaneously on the network. The state-sponsored group had gained unauthorized access to the network after stealing Office 365 administrator credentials, Microsoft’s Detection and Response Team (DART) wrote in its first case report.

The company initially attempted to remediate the compromised Office 365 account on its own, and then engaged an incident response vendor to handle the investigation. DART was brought in about 240 days later.

Microsoft announced DART in March 2019 and said it would regularly publish case studies of DART’s investigations as a way to illustrate attacker operations. This first customer story highlighted the importance of multi-factor authentication and turning on logging and auditing.

The attack group used a password spray attack, where attackers run through a large number of common passwords to see if one of them works, to gain the company’s Office 365 administrator credentials. Once in, the group searched other mailboxes for emails sent by employees containing credentials for other accounts. The attackers used the customer’s existing e-discovery and compliance tools to automate the search for these email messages.