When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.
Abusing compromised accounts
To move into corporate infrastructure, Midnight Blizzard uses compromised accounts and OAuth applications.
The Russians would use compromised accounts to grant high permissions to OAuth applications.
This allows them to maintain access even if the victim spots the attack and updates the login credentials.
Their first target is always the email inbox, where they look for important correspondence.
The attackers, Midnight Blizzard, were allegedly able to steal some emails and attached documents related to themselves.
Soon afterward,HPE also said its emails were targetedand a small percentage of them accessed.
