From this attack, the group 'leveraged their initial access to identify and compromise a legacy test OAuth application that had elevated access to the Microsoft corporate environment.'
Crucially, the non-production test tenant account that was breached didn't have two-factor authentication enabled.
'Midnight Blizzard leveraged these malicious OAuth applications to gain access to the corporate environment and eventually to the Office 365 Exchange Online service.'