Cloud Threat Landscape

Incidents
Actors
Techniques
Defenses
Newspaper
ABC Poster
Periodic Table
Tools
Targeted Technologies
About
RSS
STIX
Back to wiz.io

Cloud Threat Landscape

APT29 targeting Microsoft 365

Type

Campaign

Actors

Pub. date

August 22, 2022

Initial access

Impact

Observed techniques

Add attacker-controlled IdP via ADFS access Disable logging MFA enrollment Auth token signing via Golden SAML Auth token signing via ADFS access

References

https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft

Status

Stub

Last edited

Jun 2, 2024 8:02 AM

Made with 💙 by Wiz

Last Updated: April 3, 2025