News Corp Breached by Chinese Nation-State Through Phishing
Email spear-phishing + M365 enterprise app used to exfiltrate data to the Chinese nation state.
What is the attack?
- Attack on News Corp by the Chinese nation-state, resulting in exfiltration of documents and email belonging to journalists and employees.
- Attack conducted through spear-phishing, followed by access to M365 through an API and an enterprise app.
- Likely conducted by APT 31 (also known as Zirconium or Judgment Panda).
Why did it get through?
- Threat actors spear-phished an employee by email to compromise their M365 account.
- The compromised account was then used to install an M365 enterprise application.
- Resetting the account or its credentials does not reset the installed M365 application, so the application's access remains in place after the reset.
What is required to solve for this attack?
- Enabling a Human Behavioral AI security platform to a) ingest M365 platform signals such as sign-ins and enterprise apps, b) analyze behavioral norms, and c) detect suspicious and risky behavior.
- Enhancing email security to prevent spear-phishing.
- Detecting account takeovers across M365 + Cloud + SaaS.
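
The persistence problem described above, an installed enterprise app outliving a credential reset, can be checked from audit data. The following is an added example, not part of the original page: it replays constructed events in a simplified, hypothetical schema (activity names modelled on Entra ID audit log entries, scope prefixes chosen as an assumption) and reports app grants with mail or file access that were still active when the user's password was reset.

```python
from datetime import datetime

# Constructed sample events in a simplified, hypothetical schema (not a real export).
EVENTS = [
    {"time": "2022-01-10T09:02:00", "user": "reporter@example.com",
     "activity": "Consent to application", "app_id": "app-1111",
     "scopes": ["Mail.Read", "Files.Read.All", "offline_access"]},
    {"time": "2022-01-12T14:30:00", "user": "reporter@example.com",
     "activity": "Reset user password"},
    {"time": "2022-01-11T08:00:00", "user": "editor@example.com",
     "activity": "Consent to application", "app_id": "app-2222",
     "scopes": ["Mail.Read"]},
    {"time": "2022-01-11T16:00:00", "user": "editor@example.com",
     "activity": "Remove delegated permission grant", "app_id": "app-2222"},
    {"time": "2022-01-12T10:00:00", "user": "editor@example.com",
     "activity": "Reset user password"},
    {"time": "2022-01-09T11:00:00", "user": "analyst@example.com",
     "activity": "Consent to application", "app_id": "app-3333",
     "scopes": ["User.Read"]},
    {"time": "2022-01-13T09:00:00", "user": "analyst@example.com",
     "activity": "Reset user password"},
]

SENSITIVE_PREFIXES = ("Mail.", "Files.")  # assumed: scopes that expose email and documents


def grants_surviving_reset(events):
    """Return app grants with mail/file scopes that were still active at a credential reset."""
    active = {}    # (user, app_id) -> set of granted scopes
    findings = {}  # (user, app_id) -> finding record
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        key = (ev["user"], ev.get("app_id"))
        if ev["activity"] == "Consent to application":
            active.setdefault(key, set()).update(ev["scopes"])
        elif ev["activity"] == "Remove delegated permission grant":
            active.pop(key, None)    # explicit revocation is what closes the grant
            findings.pop(key, None)
        elif ev["activity"] == "Reset user password":
            for (user, app_id), scopes in active.items():
                risky = sorted(s for s in scopes if s.startswith(SENSITIVE_PREFIXES))
                if user == ev["user"] and risky:
                    findings[(user, app_id)] = {"user": user, "app_id": app_id,
                                                "scopes": risky, "reset_at": ev["time"]}
    return sorted(findings.values(), key=lambda f: (f["user"], f["app_id"]))


if __name__ == "__main__":
    for finding in grants_surviving_reset(EVENTS):
        print(finding)
```

Each finding is a grant that needs explicit revocation as part of account-takeover response, since the password reset alone left it in place.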