Our story begins with a customer whose help desk unwittingly assisted a threat actor posing as a credentialed employee.
In this fourth report in our ongoing Cyberattack Series, we look at the steps taken to discover, understand, and respond to a credential phishing and smishing (text-based phishing) cyberattack. The cyberattack targeted a legitimate, highly privileged user with social engineering, allowing the cyberattacker to impersonate the victim and weaponize a help desk to remove the victim's multifactor authentication device and register the cyberattacker's own.
Source: Microsoft