Cloud Threat Landscape

Incidents
Actors
Techniques
Defenses
Tools
Targeted Technologies
Posters & Newspapers
About
RSS
STIX
Back to wiz.io

Cloud Threat Landscape

APT29 targeting Microsoft 365

Type

Campaign

Actors

Pub. date

August 22, 2022

Initial access

Impact

Observed techniques

Add attacker-controlled IdP via ADFS access Disable logging MFA enrollment Auth token signing via Golden SAML Auth token signing via ADFS access

References

https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft

Status

Stub

Last edited

Jun 2, 2024 8:02 AM

Made with 💙 by Wiz

Last Updated: April 3, 2025