Home Security Hackers Utilizing Malicious OAuth Apps to Take Over E-mail Servers

Hackers Utilizing Malicious OAuth Apps to Take Over E-mail Servers

by crpt os


Microsoft on Thursday warned of a consumer-facing attack that made use of rogue OAuth applications deployed on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam.

“The threat actor launched credential stuffing attacks against high-risk accounts that didn’t have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain initial access,” the Microsoft 365 Defender Research Team said.

CyberSecurity

The unauthorized access to the cloud tenant permitted the adversary to register a malicious OAuth application and grant it elevated permissions, and eventually modify Exchange Server settings to allow inbound emails from specific IP addresses to be routed through the compromised email server.

“These modifications to the Exchange server settings allowed the threat actor to perform their primary goal in the attack: sending out spam emails,” Microsoft said. “The spam emails were sent as part of a deceptive sweepstakes scheme meant to trick recipients into signing up for recurring paid subscriptions.”

Malicious OAuth Apps

The email messages urged the recipients to click on a link to receive a prize, doing so which redirected the victims to a landing page that asked the victims to enter their credit card details for a small shipping fee to collect the reward.

The threat actor further carried out a number of steps to evade detection and continue its operations for extended periods of time, including taking weeks or even months to use the malicious OAuth application after it was set up and deleting the modifications made to the Exchange Server after each spam campaign.

CyberSecurity

Microsoft’s threat intelligence division said that the adversary has been actively running spam email campaigns for several years, typically sending high volumes of spam emails in short bursts through a variety of methods.

Although the primary goal of the attack appears to be to trick unwitting users into signing up for unwanted subscription services, it could have posed a far more serious threat had the same technique been used to steal credentials or distribute malware.

“While the follow-on spam campaign targets consumer email accounts, this attack targets enterprise tenants to use as infrastructure for this campaign,” Microsoft said. “This attack thus exposes security weaknesses that could be used by other threat actors in attacks that could directly impact affected enterprises.”





Source link

Related Articles

xxxanti beeztube.mobi hot sexy mp4 menyoujan hentaitgp.net jason voorhees hentai indian soft core chupatube.net youjzz ez2 may 8 2023 pinoycinema.org ahensya ng pamahalaan pakistani chut ki chudai pimpmovs.com www xvedio dost ke papa zztube.mobi 300mbfilms.in صور مص الزب arabporna.net نهر العطش لمن تشعر بالحرمان movierulz plz.in bustyporntube.info how to make rangoli video 穂高ゆうき simozo.net 四十路五十路 ロシアav javvideos.net 君島みお 無修正 افلام سكس في المطبخ annarivas.net فيلم سكس قديم rashmi hot videos porncorn.info audiosexstories b grade latest nesaporn.pro high school girls sex videos real life cam eroebony.info painfull porn exbii adult pics teacherporntrends.com nepali school sex