Question regarding AitM type attacks: When attackers are targeting a user, such as an O365-account, have you observed that they add their own MFA-devices to the account in order to ensure persistence and continuous access to the account in question?
#ThreatIntel #ATiM #ModusOperandi
Christoffer S. /
npub14n…f6kgf
2023-10-01 19:37:39
Author Public Key
npub14n0ra22muzxqmfe2tvrytjr9lv4q3wva0vrwfqqluhg3xhumdvwqzf6kgfSeen on
wss://relay.nostr.bandPublished at
2023-10-01 19:37:39Event JSON
{
"id": "38400b0e8bdfbfd051a994b30242d39d9dd8c12e69764fd8e56b7cf1672de352",
"pubkey": "acde3ea95be08c0da72a5b0645c865fb2a08b99d7b06e4801fe5d1135f9b6b1c",
"created_at": 1696189059,
"kind": 1,
"tags": [
[
"t",
"threatintel"
],
[
"t",
"atim"
],
[
"t",
"modusoperandi"
],
[
"proxy",
"https://swecyb.com/users/nopatience/statuses/111161446219714098",
"activitypub"
]
],
"content": "Question regarding AitM type attacks: When attackers are targeting a user, such as an O365-account, have you observed that they add their own MFA-devices to the account in order to ensure persistence and continuous access to the account in question?\n\n#ThreatIntel #ATiM #ModusOperandi",
"sig": "16b8cc30de87c0df528a83a2e2a91f2bd85eb118c1b50dbe42f3c275411401100d3813890712b9066d1dcb8bdc0ccd728d021e7c0ff6ecbdbe11dd24ec655679"
}