Customers
Why Mitiga
Request a DemoEmergency Assistance
Home
»
Blog Main
Customers
Why Mitiga
Request a DemoEmergency Assistance

In an ever-changing cyber landscape, the recent exploit by China-based threat actor, Storm-0558, highlights the need for constant vigilance. The threat actor exploited a compromised encryption key (MSA key) to target Microsoft Exchange Online, forge access tokens, manipulate the token verification process, and extract unclassified data from victim mailboxes.

A Mitiga, we build a cloud and SaaS Forensic Data Lake for customers so that they are prepared in moments like this one. By having the historic forensic data ready and available for investigation, we were able to quickly hunt for indicators of this type of attack including seeking out IP addresses used to access user emails with a forged authentication token or as part of supporting infrastructure. Taking this kind of proactive approach ensures we have a complete hunting ground to root out assailants and enables a rapid response—allowing us to secure our clients' environments thoroughly and quickly.

Where Cloud and SaaS are concerned, this should be the new standard.

Remember that concealment is the mode of operation for these espionage attacks. The pressing issue, therefore, is not only whether you are susceptible to this type of attack, but, more importantly, whether an attacker has already breached your environment and is currently operating within it. At Mitiga, we provide our clients with the reassurance that their environment is secure, even when hidden dangers are present.

Stay Informed. Stay vigilant.

If you want to learn more about how your enterprise could be strengthening your preparedness to be ready for these types of exploits, contact us.

LAST UPDATED:

November 7, 2024

Don't miss these stories:

CORSLeak: Abusing IAP for Stealthy Data Exfiltration

When people talk about “highly restricted” cloud environments, they usually mean environments with no public IPs, no outbound internet, and strict VPC Service Controls locking everything down.

From Rogue OAuth App to Cloud Infrastructure Takeover

How a rogue OAuth app led to a full AWS environment takeover. And the key steps security leaders can take to prevent similar cloud breaches.

Defending SaaS & Cloud Workflows: Supply Chain Security Insights with Idan Cohen

From GitHub Actions to SaaS platforms, supply chain threats are growing. Hear Mitiga’s Idan Cohen and Field CISO Brian Contos explore real-world compromises, detection tips, and strategies to strengthen your cloud security.

Inside Mitiga’s Forensic Data Lake: Built for Real-World Cloud Investigations

Most security tools weren’t designed for the scale or complexity of cloud investigations. Mitiga’s Forensic Data Lake was.

Measurements That Matter: What 80% MITRE Cloud ATT&CK Coverage Looks Like

Security vendors often promote “100% MITRE ATT&CK coverage.” The reality is most of those claims reflect endpoint-centric testing, not the attack surfaces organizations rely on most today: Cloud, SaaS, AI, and Identity.

How Threat Actors Used Salesforce Data Loader for Covert API Exfiltration

In recent weeks, a sophisticated threat group has targeted companies using Salesforce’s SaaS platform with a campaign focused on abusing legitimate tools for illicit data theft. Mitiga’s Threat Hunting & Incident Response team, part of Mitiga Labs, investigated one such case and discovered that a compromised Salesforce account was used in conjunction with a “Salesforce Data Loader” application, a legitimate bulk data tool, to facilitate large-scale data exfiltration of sensitive customer data.