Cloud Threat Landscape
  • Incidents
  • Actors
  • Techniques
  • Defenses
  • Tools
  • Targeted Technologies
  • Posters & Newspapers
  • About
  • RSS
  • STIX
  • Back to wiz.io
Cloud Threat Landscape

Add attacker-controlled IdP via ADFS access

Tags
AAD
ATT&CK Tactic
Lateral Movement (TA0008)
Incidents
APT29 targeting Microsoft 365
References
https://media.defense.gov/2020/Dec/17/2002554125/-1/-1/0/AUTHENTICATION_MECHANISMS_CSA_U_OO_198854_20.PDFhttps://www.mandiant.com/resources/blog/remediation-and-hardening-strategies-for-microsoft-365-to-defend-against-unc2452
Last edited
May 19, 2024 11:15 AM
Status
Stub
Defenses
Cloud Log monitoring

Made with 💙 by Wiz

Last Updated: April 3, 2025