Hackers Using Malicious OAuth Apps to Take Over Email Servers

Microsoft issued a warning on Thursday about a consumer-facing assault that used rogue OAuth apps installed on infected cloud tenants to eventually take over Exchange servers and spread spam. The Microsoft 365 Defender Research Team reported that the threat actor “executed credential stuffing attacks against high-risk accounts that didn’t have multi-factor authentication (MFA) configured and used the unsecured administrator accounts to obtain initial access.”

The adversary was able to register a malicious OAuth application, grant it elevated capabilities, and finally change the Exchange Server settings to allow inbound emails to be routed through the compromised email server thanks to the unauthorised access to the cloud tenancy.Microsoft issued a warning on Thursday about a consumer-facing assault that used rogue OAuth apps installed on infected cloud tenants to eventually take over Exchange servers and spread spam.

The Microsoft 365 Defender Research Team reported that the threat actor “executed credential stuffing attacks against high-risk accounts that didn’t have multi-factor authentication (MFA) configured and used the unsecured administrator accounts to obtain initial access.” Read More…

Hackers Using Malicious OAuth Apps to Take Over Email Servers

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address

Hackers Using Malicious OAuth Apps to Take Over Email Servers

23-Sep-22

Solutions

Services

Services

Knowledge

Solutions

Industries

Contact

Invinsense

About

INDIA | Ahmedabad

SRI LANKA

KUWAIT

USA | New York

UNITED KINGDOM | London

Address