APT29 targeting Microsoft 365

Type

Campaign

Actors

🐻APT29

Pub. date

August 22, 2022

Initial access

Impact

Observed techniques

Add attacker-controlled IdP via ADFS accessDisable loggingMFA enrollmentAuth token signing via Golden SAMLAuth token signing via ADFS access

References

https://www.mandiant.com/resources/blog/apt29-continues-targeting-microsoft

Status

Stub

Last edited

Jun 2, 2024 8:02 AM