Mandiant and Mitiga researchers have documented different approaches that allow attackers to (mis)use Microsoft MFA to their advantage. Attackers take over dormant Microsoft accounts and set up MFA Douglas Bienstock, an IR manager at Mandiant, shared last week a new tactic by APT29 (aka Cozy Bear, aka Nobelium) and other threat actors that involves taking advantage of the self-enrollment process for MFA in Azure Active Directory and other platforms.

Read full article on Help Net Security