Monday, June 27, 2022

How to Detect Azure Active Directory Backdoors: Identity Federation

During the Solarwinds breach performed by Russian threat actors, one of the techniques utilised by the threat actors to gain control of a victim’s Azure Active Directory (AAD) was to create an AAD backdoor through identity federation. The implication of this attack was that the threat actors were able to log in and impersonate any Microsoft 365 (M365) user and bypass all requirements for MFA as well as bypass any need to enter a valid password. As you can imagine, if the correct detection contro…

Read More

Latest news
Related news