APT41 sent spearphishing emails with attachments such as compiled HTML (.chm) files to initially compromise their victims.

Adversaries set up forwarding rules on your users email inboxes to exfiltrate sensitive data and as a form of insurance in case they lose access to their victim’s email account.

Adversaries are utilizing Microsoft Teams as a delivery channel for malware. This attack leverages deceptive Microsoft Teams chat messages sent from compromised Office 365 accounts to encourage victims to download malicious files, effectively bypassing existing security measures.

Allows for the possible introduction of malware into any organisations using Microsoft Teams in its default configuration

The Midnight Blizzard attack, orchestrated by a Russian state-sponsored group, involved techniques like password spraying and misuse of OAuth applications. These methods led to the compromise of email accounts of several Microsoft employees, including those in senior leadership positions.

The Storm-0558 breach allows Chinese advanced persistent threat (APT) actors to access Microsoft cloud services, forge authentication tokens, and potentially compromise sensitive information in email accounts and other applications.