In an ever-changing cyber landscape, the recent exploit by China-based threat actor, Storm-0558, highlights the need for constant vigilance. The threat actor exploited a compromised encryption key (MSA key) to target Microsoft Exchange Online, forge access tokens, manipulate the token verification process, and extract unclassified data from victim mailboxes.

A Mitiga, we build a cloud and SaaS Forensic Data Lake for customers so that they are prepared in moments like this one. By having the historic forensic data ready and available for investigation, we were able to quickly hunt for indicators of this type of attack including seeking out IP addresses used to access user emails with a forged authentication token or as part of supporting infrastructure. Taking this kind of proactive approach ensures we have a complete hunting ground to root out assailants and enables a rapid response—allowing us to secure our clients' environments thoroughly and quickly.

Where Cloud and SaaS are concerned, this should be the new standard.

Remember that concealment is the mode of operation for these espionage attacks. The pressing issue, therefore, is not only whether you are susceptible to this type of attack, but, more importantly, whether an attacker has already breached your environment and is currently operating within it. At Mitiga, we provide our clients with the reassurance that their environment is secure, even when hidden dangers are present.

Stay Informed. Stay vigilant.

If you want to learn more about how your enterprise could be strengthening your preparedness to be ready for these types of exploits, contact us.

LAST UPDATED:

November 7, 2024

Don't miss these stories:

5 Common Threat Actor Tactics Used in Cloud, Identity, and SaaS Attacks

Explore five common tactics used in cloud attacks and recommendations on how to defend against them.

Tactical Guide to Threat Hunting in Snowflake Environments

It was brought to our attention that a threat actor has been observed using stolen customer credentials to target organizations utilizing Snowflake databases.

Unlocking Cloud Security with Managed Detection and Response

See how Mitiga’s Cloud Managed Detection and Response tackles complex cyber threats with proactive threat management and advanced automation at scale.

Rethinking Crown Jewels Analysis: Mitigating Cybersecurity Bias

Uncover the risks of bias in Crown Jewels Analysis (CJA) and learn strategies to protect your organization's most valuable assets with a comprehensive approach.

Microsoft Breach by Midnight Blizzard (APT29): What Happened?

Understand the Midnight Blizzard Microsoft breach by APT29, what happened, and key steps organizations should take to strengthen their defenses.

Understanding Lateral Movement Attacks in Hybrid Environments

Learn how lateral movement attacks pose serious risks in on-prem, cloud, or hybrid environments, and discover effective strategies to mitigate these threats.