Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io
Cloud Threat Landscape

APT29 targeting Microsoft 365

Type
Campaign
Actors
🐻APT29
Pub. date
August 22, 2022
Initial access
Impact
Observed techniques
Add attacker-controlled IdP via ADFS accessDisable loggingMFA enrollmentAuth token signing via Golden SAMLAuth token signing via ADFS access
References
https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft
Status
Stub
Last edited
Jun 2, 2024 8:02 AM

Made with 💙 by Wiz

Last Updated: April 3, 2025