January 26, 2024 at 03:43PM
Microsoft has released new guidance to protect against nation-state attacks like the recent intrusion into its corporate email system by threat group Midnight Blizzard. The attack resulted in compromised accounts and exfiltration of emails and documents. Microsoft advises on protecting against malicious OAuth apps and detecting and mitigating the threat posed by Midnight Blizzard.
Microsoft's guidance is aimed at organizations facing persistent nation-state attacks, in particular those in which threat actors use malicious OAuth apps to maintain access to applications after an initial compromise. The Midnight Blizzard attack on Microsoft compromised email accounts belonging to several Microsoft employees, including members of senior leadership. The attackers had access to Microsoft's corporate email accounts for several weeks, and the activity is assessed to be part of a broader intelligence-gathering effort. To reduce the risk of OAuth app misuse, Microsoft recommends auditing the current privilege level of all identities (including the service principals behind OAuth apps), detecting malicious OAuth applications, and using anomaly detection policies and conditional access application controls. The guidance also details what to look for in log data to detect activity associated with Midnight Blizzard, which can help identify and disrupt similar attacks by such threat groups in the future.
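The "audit privilege levels of all identities" and "detect malicious OAuth applications" steps above amount to reviewing which permissions each OAuth app has actually been granted in the tenant. The following is an added example, not code from the page or from Microsoft's guidance: it takes an export shaped like Microsoft Graph `oauth2PermissionGrant` objects (delegated permissions, where `consentType` of `AllPrincipals` means admin consent on behalf of every user) and `appRoleAssignment` objects (application permissions, which are always tenant-wide and identified by an `appRoleId` that must be resolved through the resource service principal's `appRoles`), and flags grants on a high-risk watchlist. The watchlist, the sample grants, the service-principal and role identifiers, and the severity scheme are all assumptions constructed for the example.

```python
"""Flag high-privilege OAuth permission grants from a Microsoft Graph-shaped export.

Added example (not from the original page). Field names follow the Graph
oauth2PermissionGrant / appRoleAssignment resources; all sample data below is
constructed and the identifiers are placeholders, not real tenant objects.
"""
import json
from dataclasses import dataclass

# Assumed watchlist: permissions that give broad mailbox or directory access and
# therefore deserve review whenever an app holds them.
HIGH_RISK_PERMISSIONS = {
    "Mail.Read", "Mail.ReadWrite", "Mail.Send", "MailboxSettings.ReadWrite",
    "full_access_as_app", "Directory.ReadWrite.All",
    "RoleManagement.ReadWrite.Directory", "Application.ReadWrite.All",
    "AppRoleAssignment.ReadWrite.All",
}
SEVERITY_ORDER = {"high": 0, "unknown": 1, "medium": 2}

# Constructed sample: delegated grants. 'scope' is a space-separated list.
SAMPLE_DELEGATED_GRANTS = json.dumps([
    {"id": "g1", "clientId": "sp-reporting-app", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph",
     "scope": "User.Read Mail.ReadWrite offline_access"},
    {"id": "g2", "clientId": "sp-expense-tool", "consentType": "Principal",
     "principalId": "user-42", "resourceId": "sp-graph",
     "scope": "User.Read Files.Read"},
    {"id": "g3", "clientId": "sp-intranet", "consentType": "AllPrincipals",
     "principalId": None, "resourceId": "sp-graph", "scope": "User.Read"},
])

# Constructed sample: application permissions (appRoleAssignments) plus the
# resource service principals' appRoles, used to map appRoleId -> permission value.
SAMPLE_APP_ROLE_ASSIGNMENTS = json.dumps([
    {"id": "a1", "principalId": "sp-reporting-app", "resourceId": "sp-exchange",
     "appRoleId": "role-0001"},
    {"id": "a2", "principalId": "sp-backup-svc", "resourceId": "sp-graph",
     "appRoleId": "role-0002"},
    {"id": "a3", "principalId": "sp-orphan", "resourceId": "sp-unknown",
     "appRoleId": "role-9999"},
])
SAMPLE_APP_ROLES = {  # resourceId -> {appRoleId -> permission value}
    "sp-exchange": {"role-0001": "full_access_as_app"},
    "sp-graph": {"role-0002": "User.Read.All"},
}


@dataclass(frozen=True)
class Finding:
    client_id: str      # service principal holding the permission
    kind: str           # "delegated" or "application"
    breadth: str        # "tenant-wide" or "single-user"
    permissions: tuple  # the flagged permission values
    severity: str       # "high", "medium" or "unknown"


def audit_delegated_grants(raw_json, high_risk=HIGH_RISK_PERMISSIONS):
    """Return findings for delegated grants whose scope hits the watchlist.

    Tenant-wide (AllPrincipals) consent is rated high; a single user's consent
    to the same scope is rated medium because its blast radius is one mailbox.
    """
    findings = []
    for grant in json.loads(raw_json):
        risky = tuple(sorted(set(grant.get("scope", "").split()) & high_risk))
        if not risky:
            continue
        tenant_wide = grant.get("consentType") == "AllPrincipals"
        findings.append(Finding(
            grant["clientId"], "delegated",
            "tenant-wide" if tenant_wide else "single-user",
            risky, "high" if tenant_wide else "medium"))
    return findings


def audit_app_role_assignments(raw_json, app_roles, high_risk=HIGH_RISK_PERMISSIONS):
    """Return findings for application permissions; these are always tenant-wide.

    An appRoleId that cannot be resolved is reported as 'unknown' rather than
    silently skipped, since an unresolvable role is itself worth a look.
    """
    findings = []
    for assignment in json.loads(raw_json):
        value = app_roles.get(assignment["resourceId"], {}).get(assignment["appRoleId"])
        if value is None:
            findings.append(Finding(assignment["principalId"], "application",
                                    "tenant-wide", (assignment["appRoleId"],), "unknown"))
        elif value in high_risk:
            findings.append(Finding(assignment["principalId"], "application",
                                    "tenant-wide", (value,), "high"))
    return findings


def audit_all(delegated_json, assignments_json, app_roles):
    """Combine both audits, most severe first, then by client id for stable output."""
    findings = audit_delegated_grants(delegated_json) + \
        audit_app_role_assignments(assignments_json, app_roles)
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f.severity], f.client_id))


if __name__ == "__main__":
    for f in audit_all(SAMPLE_DELEGATED_GRANTS, SAMPLE_APP_ROLE_ASSIGNMENTS, SAMPLE_APP_ROLES):
        print(f"[{f.severity:7}] {f.client_id:18} {f.kind:11} {f.breadth:11} {' '.join(f.permissions)}")
```

Against the constructed sample this reports the reporting app twice (tenant-wide delegated `Mail.ReadWrite` and application-level `full_access_as_app` on Exchange, both high), the expense tool not at all, and the orphan assignment as unknown. In a real tenant the two inputs would come from the `oauth2PermissionGrants` and `servicePrincipals/{id}/appRoleAssignments` Graph endpoints, and the watchlist should be extended with whatever permissions matter for the organization's own resources.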