Cloud Threat Landscape

Incidents
Actors
Techniques
Defenses
Tools
Targeted Technologies
Posters & Newspapers
About
RSS
STIX
Back to wiz.io

Cloud Threat Landscape

Add attacker-controlled IdP via ADFS access

Tags

AAD

ATT&CK Tactic

Lateral Movement (TA0008)

Incidents

APT29 targeting Microsoft 365

References

https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDFhttps://www.mandiant.com/resources/blog/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452

Last edited

May 19, 2024 11:15 AM

Status

Stub

Defenses

Cloud Log monitoring

Made with 💙 by Wiz

Last Updated: April 3, 2025