Midnight Blizzard Exploiting Legacy OAuth for Lateral Movement

Summary:

Midnight Blizzard exploited a legacy test OAuth application that had elevated access. The compromise was possible because of a common password and the lack of multi-factor authentication (MFA). The attackers used this access to move laterally within Microsoft’s network, potentially exfiltrating data and gaining broader control.

Threat Level – Red | Attack Report
