Sequretek Advisory - The OAuth Trojan Horse: From Cloud Access to Cryptocurrency Cash

Attackers exploit weak passwords and bypass security like MFA to sneak into accounts.

Microsoft has identified a sophisticated cybercrime campaign targeting organizations using high-privilege OAuth applications for financial gain.

Attackers exploit accounts with weak passwords and no Multi-Factor Authentication (MFA), especially accounts with permission to create or modify OAuth applications.

Utilizing automated phishing attacks and password spraying techniques, attackers gain unauthorized access to vulnerable accounts.

In business email compromise (BEC) attacks, they establish long-term access to systems using OAuth apps, enabling further unauthorized activity.

They abuse compromised resources to send out large volumes of spam emails, potentially damaging the organization's reputation and harming recipients.
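
A defender can look for the sequence described above (password spraying, a sign-in without MFA, then an OAuth application being created or modified) by correlating sign-in and audit events. The following is an added detection sketch, not part of the advisory; the event schema, field names, thresholds and sample data are hypothetical and constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events. The field names are a hypothetical normalized
# schema, not the export format of any particular identity provider.
EVENTS = [
    {"t": "2024-01-10T08:00:01", "kind": "signin", "user": "alice", "ip": "203.0.113.7", "ok": False, "mfa": False},
    {"t": "2024-01-10T08:00:02", "kind": "signin", "user": "bob", "ip": "203.0.113.7", "ok": False, "mfa": False},
    {"t": "2024-01-10T08:00:03", "kind": "signin", "user": "carol", "ip": "203.0.113.7", "ok": False, "mfa": False},
    {"t": "2024-01-10T08:00:04", "kind": "signin", "user": "svc-admin", "ip": "203.0.113.7", "ok": True, "mfa": False},
    {"t": "2024-01-10T08:05:00", "kind": "app_change", "user": "svc-admin", "action": "create", "app": "demo-app-1"},
    {"t": "2024-01-10T09:00:00", "kind": "signin", "user": "dave", "ip": "198.51.100.20", "ok": True, "mfa": True},
    {"t": "2024-01-10T09:10:00", "kind": "app_change", "user": "dave", "action": "modify", "app": "demo-app-2"},
    {"t": "2024-01-14T10:00:00", "kind": "app_change", "user": "svc-admin", "action": "modify", "app": "demo-app-3"},
]


def find_suspect_app_changes(events, spray_users=3, window=timedelta(hours=24)):
    """Return OAuth app changes made soon after a no-MFA sign-in from a spraying IP."""
    events = sorted(events, key=lambda e: e["t"])  # ISO timestamps sort lexically

    # Step 1: an IP that fails sign-in against many distinct users looks like spraying.
    failed = defaultdict(set)
    for e in events:
        if e["kind"] == "signin" and not e["ok"]:
            failed[e["ip"]].add(e["user"])
    spray_ips = {ip for ip, users in failed.items() if len(users) >= spray_users}

    # Step 2: remember users who then signed in successfully, without MFA, from such an IP.
    # Step 3: flag app create/modify events by those users inside the time window.
    risky_since = {}
    hits = []
    for e in events:
        t = datetime.fromisoformat(e["t"])
        if e["kind"] == "signin" and e["ok"] and not e["mfa"] and e["ip"] in spray_ips:
            risky_since.setdefault(e["user"], t)
        elif e["kind"] == "app_change" and e["user"] in risky_since:
            if t - risky_since[e["user"]] <= window:
                hits.append(e)
    return hits


if __name__ == "__main__":
    for hit in find_suspect_app_changes(EVENTS):
        print("review:", hit["t"], hit["user"], hit["action"], hit["app"])
```

The window is deliberately short in this sample; because the advisory describes long-term access through OAuth apps, a real deployment would also review every application a flagged account has ever created or modified.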
