Abusing Azure Application Credentials to Attack Supply Chains
Tags
cmtmf-attack-pattern: Supply Chain Compromise
attack-pattern: Data Model Chat Messages - T1552.008 Credentials - T1589.001 Ip Addresses - T1590.005 Server - T1583.004 Server - T1584.004 Supply Chain Compromise - T1474 Vulnerabilities - T1588.006 Supply Chain Compromise - T1195 Supply Chain Compromise
Show in Graph
Common Information
Type Value
UUID eb152d5a-3495-4761-a2b3-99e960ae6765
Fingerprint e47b9e8b67f66085
Analysis status DONE
Considered CTI value 0
Text language
Published Jan. 26, 2021, midnight
Added to db Aug. 12, 2023, 9:06 a.m.
Last updated Nov. 17, 2024, 5:56 p.m.
Headline Abusing Azure Application Credentials to Attack Supply Chains
Title Abusing Azure Application Credentials to Attack Supply Chains
Detected Hints/Tags/Attributes 46/2/8
Source URLs
Redirection Url
Details Source https://www.secureworks.com/research/abusing-azure-application-credentials-to-attack-supply-chains
URL Provider
Details Provider Source level domain
Details secureworks.com www.secureworks.com
RSS Feed
Details Id Enabled Feed title Url Added to db
Details 370 https://www.secureworks.com/rss?feed=research 2024-08-30 22:08
Attributes
Details Type #Events CTI Value
Details Domain 17 
mail.read
Details Domain 154 
us-cert.cisa.gov
Details Domain 5 
www.sygnia.co
Details File 2 
authentication_mechanisms_csa_u_oo_198854_20.pdf
Details Url 1 
https://us-cert.cisa.gov/ncas/alerts/aa21-008a
Details Url 2 
https://media.defense.gov/2020/dec/17/2002554125/-1/-1/0/authentication_mechanisms_csa_u_oo_198854_20.pdf
Details Url 2 
https://www.cyberark.com/resources/threat-research-blog/golden-saml-newly-discovered-attack-technique-forges-authentication-to-cloud-apps
Details Url 2 
https://www.sygnia.co/golden-saml-advisory