Microsoft claims to have stopped a malicious campaign that used a network of single-tenant OAuth applications to spread spam. Microsoft has noticed an increase in malicious OAuth application use over the past few years, particularly for consent phishing attacks, in which the user is duped into granting the malicious OAuth apps access to their cloud services.
The tech giant claims that threat actors, including state-sponsored organizations, have been seen using OAuth applications for illegal activities like command and control (C&C), redirections, backdoors, phishing, and other things.
In order to deploy single-tenant applications and grant them high privileges, the adversary compromised high-risk administrator accounts that did not have multi-factor authentication (MFA) enabled.
Read More: Microsoft Dismantles Spam Campaign Abusing OAuth Applications
For more such updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.