ioc[.]one - OSINT Cyber Threat Intelligence Database

Unmasking Advanced Threat Actors: How Cloud Identity and Access Management is Under Attack

Tags

cmtmf-attack-pattern:	Modify Authentication Process Phishing For Information
maec-delivery-vectors:	Watering Hole
attack-pattern:	Data Cloud Account - T1087.004 Cloud Account - T1136.003 Cloud Services - T1021.007 Conditional Access Policies - T1556.009 Credentials - T1589.001 Hardware - T1592.001 Modify Authentication Process - T1556 Multi-Factor Authentication - T1556.006 Phishing - T1660 Phishing - T1566 Phishing For Information - T1598 Software - T1592.002 Spearphishing Attachment - T1598.002 Spearphishing Link - T1566.002 Spearphishing Link - T1598.003 Vulnerabilities - T1588.006 Account Manipulation - T1098 Create Account - T1136 Spearphishing Link - T1192 Valid Accounts - T1078 Valid Accounts

Show in Graph

Common Information

Type	Value
UUID	04c5b71f-0353-4e47-bca0-7d82f01057e1
Fingerprint	98689098a98f8709
Analysis status	DONE
Considered CTI value	2
Text language
Published	Sept. 21, 2024, 12:45 a.m.
Added to db	Sept. 21, 2024, 3:37 a.m.
Last updated	Nov. 17, 2024, 6:56 p.m.
Headline	Unmasking Advanced Threat Actors: How Cloud Identity and Access Management is Under Attack
Title	Unmasking Advanced Threat Actors: How Cloud Identity and Access Management is Under Attack
Detected Hints/Tags/Attributes	82/3/39

Source URLs

	Redirection	Url
Details	Source	https://medium.com/@edson.cyberpro/unmasking-advanced-threat-actors-how-cloud-identity-and-access-management-is-under-attack-0fba726c5651?source=rss------cybersecurity-5

URL Provider

Details	Provider	Source level domain
Details	medium.com	medium.com

RSS Feed

Details	Id	Enabled	Feed title	Url	Added to db
Details	167	✔	Cybersecurity on Medium	https://medium.com/feed/tag/cybersecurity	2024-08-30 22:08

Attributes

Details	Type	#Events	Value
Details	Domain	172	www.crowdstrike.com
Details	Domain	182	www.mandiant.com
Details	Domain	469	www.cisa.gov
Details	Domain	281	docs.microsoft.com
Details	Domain	397	www.microsoft.com
Details	Domain	28	www.splunk.com
Details	Domain	4	fidoalliance.org
Details	Domain	82	csrc.nist.gov
Details	Domain	360	attack.mitre.org
Details	File	1	splunk-security-essentials.html
Details	MITRE ATT&CK Techniques	409	T1566
Details	MITRE ATT&CK Techniques	183	T1566.002
Details	MITRE ATT&CK Techniques	100	T1598
Details	MITRE ATT&CK Techniques	13	T1598.002
Details	MITRE ATT&CK Techniques	86	T1136
Details	MITRE ATT&CK Techniques	11	T1136.003
Details	MITRE ATT&CK Techniques	33	T1556
Details	MITRE ATT&CK Techniques	6	T1556.006
Details	MITRE ATT&CK Techniques	112	T1098
Details	Url	2	https://www.crowdstrike.com/global-threat-report
Details	Url	1	https://www.mandiant.com/resources/apt-threat-reports
Details	Url	1	https://www.cisa.gov/mfa-fatigue-attacks
Details	Url	1	https://docs.microsoft.com/azure/active-directory/reports-monitoring/concept-sign-ins
Details	Url	1	https://www.microsoft.com/security/blog/insiders-playbook-cloud-threats
Details	Url	1	https://www.splunk.com/en_us/resources/white-papers/splunk-security-essentials.html
Details	Url	1	https://fidoalliance.org/fido2
Details	Url	1	https://docs.microsoft.com/azure/sentinel/overview
Details	Url	1	https://www.crowdstrike.com/endpoint-security-products
Details	Url	2	https://csrc.nist.gov/publications/detail/sp/800-207/final
Details	Url	57	https://attack.mitre.org
Details	Url	3	https://attack.mitre.org/techniques/t1566
Details	Url	3	https://attack.mitre.org/techniques/t1566/002
Details	Url	2	https://attack.mitre.org/techniques/t1598
Details	Url	1	https://attack.mitre.org/techniques/t1598/002
Details	Url	2	https://attack.mitre.org/techniques/t1136
Details	Url	1	https://attack.mitre.org/techniques/t1136/003
Details	Url	1	https://attack.mitre.org/techniques/t1556
Details	Url	1	https://attack.mitre.org/techniques/t1556/006
Details	Url	4	https://attack.mitre.org/techniques/t1098