Microsoft Global SaaS account leveraged in SharePoint Online ransomware attack

Microsoft SharePoint Online has been impacted by a ransomware attack by the Omega threat operation that leveraged a compromised Microsoft Global SaaS admin account rather than a compromised endpoint, reports SecurityWeek. Infiltration of SharePoint Online was followed by the creation of a new Active Directory with escalated privileges, with Omega removing more than 200 existing administrators within two hours before proceeding with the theft of hundreds of files, according to a report from Obsidian.

Source: SC Magazine

 


Date:

Categorie(s):