Hackers are using this sneaky exploit to bypass Microsoft's multi-factor authentication
Cyber criminals are exploiting dormant Microsoft accounts to bypass multi-factor authentication (MFA) and gain access to cloud services and networks, researchers have warned.
The technique has been detailed by cybersecurity researchers at Mandiant, which says the exploit is being used in hacking campaigns by APT29 – also known as Cozy Bear – a hacking and espionage operation widely believed to be linked to Russia's Foreign Intelligence Service (SVR). Other offensive cyber threat groups are thought to be using the same tactics.
Multi-factor authentication is a useful tool for organisations looking to prevent account takeovers and cyber-attacks against cloud services and other parts of the network. However, while it's extremely effective at defending against intrusions, it's not infallible and cyber attackers are finding ways around it. According to Mandiant, cyber criminals are exploiting the self-enrollment process for applying MFA to Microsoft Azure Active Directory and other platforms to take control of Microsoft 365 and other accounts.
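For defenders, the exposure described above can be checked from an account inventory and an MFA enrollment log. The following Python sketch is an added example, not code from Mandiant or Microsoft; the record fields, the 90-day dormancy threshold and the sample data are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

DORMANT_AFTER = timedelta(days=90)  # assumed threshold; tune to local policy

# Constructed sample records. Field names are hypothetical, not a real export schema.
ACCOUNTS = [
    {"user": "alice", "enabled": True, "mfa_methods": ["app"], "last_sign_in": "2022-08-01"},
    {"user": "bob", "enabled": True, "mfa_methods": [], "last_sign_in": "2021-11-15"},
    {"user": "carol", "enabled": False, "mfa_methods": [], "last_sign_in": "2021-03-02"},
    {"user": "dave", "enabled": True, "mfa_methods": [], "last_sign_in": None},
    {"user": "erin", "enabled": True, "mfa_methods": [], "last_sign_in": "2022-08-10"},
]
ENROLLMENTS = [
    {"user": "erin", "enrolled": "2022-08-11", "previous_sign_in": "2022-08-10"},
    {"user": "bob", "enrolled": "2022-08-12", "previous_sign_in": "2021-11-15"},
]


def parse_day(value):
    """Parse a YYYY-MM-DD string; None means the account never signed in."""
    return datetime.strptime(value, "%Y-%m-%d") if value else None


def is_dormant(last_sign_in, at):
    """True if the account never signed in, or not within DORMANT_AFTER of `at`."""
    last = parse_day(last_sign_in)
    return last is None or parse_day(at) - last > DORMANT_AFTER


def exposed_accounts(accounts, today):
    """Enabled, dormant accounts with no MFA method: whoever logs in first enrolls."""
    return [a["user"] for a in accounts
            if a["enabled"] and not a["mfa_methods"]
            and is_dormant(a["last_sign_in"], today)]


def suspicious_enrollments(events):
    """MFA enrollments on accounts that were dormant at the time of enrollment."""
    return [e["user"] for e in events
            if is_dormant(e["previous_sign_in"], e["enrolled"])]


if __name__ == "__main__":
    print("Exposed:", exposed_accounts(ACCOUNTS, "2022-08-15"))
    print("Review enrollments:", suspicious_enrollments(ENROLLMENTS))
```

Accounts in the first list are candidates for disabling or for enrollment restricted to verified users; entries in the second list are enrollments worth confirming with the account owner.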