News Corp Breached by Chinese Nation-State Through Phishing
Email spear-phishing followed by an M365 enterprise application used to exfiltrate data to a Chinese nation-state actor.
What is the attack?
Attack on News Corp attributed to a Chinese nation-state actor, resulting in the exfiltration of documents and email belonging to journalists and other employees. The attack was conducted through spear-phishing, followed by access to M365 data through the API via an enterprise application. Likely conducted by APT31 (also known as Zirconium or Judgment Panda).
Why did it get through?
Threat actors spear-phished an employee by email to compromise their M365 account. The compromised account was then used to install (consent to) an M365 enterprise application, which holds its own grant of API permissions in the tenant rather than depending on the user's password. Resetting the account or its credentials does not remove that application or its permissions: the app's consent grant has to be revoked separately, so an account reset alone does not evict the attacker.
What is required to solve for this attack?
Enabling a Human Behavioral AI security platform to a) ingest M365 platform signals such as sign-ins and enterprise app installs/consents, b) learn each account's normal behavior, and c) detect suspicious and risky deviations from that baseline. Enhancing email security to prevent spear-phishing. Detecting account takeovers across M365, cloud and SaaS.
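As an added illustration of the "Why did it get through?" and "What is required" points above (example code written for this page, not the vendor's platform or News Corp's tooling), the rule below correlates the two signals the page names: a risky or out-of-baseline sign-in for a user, followed within a short window by that same user consenting to an enterprise application that asks for mail or file scopes. A behavioral platform would learn the baseline statistically; here the baseline is simply the countries seen in the user's earlier non-risky sign-ins. The sample events are constructed and simplified; field names are modeled on the Microsoft Graph `signIns` and `directoryAudits` schemas as an assumption about the feed shape, and the `ConsentAction.Permissions` value format is a simplified stand-in for the real one.

```python
"""Correlate Entra ID (Azure AD) sign-in and audit events to flag a phishing-style
account takeover that persists through an enterprise-app consent.

Added example for this page, not original page content. Sample events are
constructed; field names follow the Microsoft Graph auditLogs schema as an assumption.
"""
from datetime import datetime, timedelta, timezone

# Delegated scopes that let an app read or move mail/files on the user's behalf,
# which is what an exfiltration app needs. offline_access gives it a refresh token
# so access survives a password reset. (Selection is the author's assumption.)
SENSITIVE_SCOPES = {
    "Mail.Read", "Mail.ReadWrite", "Files.Read.All", "Files.ReadWrite.All",
    "MailboxSettings.ReadWrite", "offline_access",
}

# Constructed sample sign-in events (not real data).
SIGN_INS = [
    {"createdDateTime": "2022-01-20T08:02:11Z", "userPrincipalName": "reporter@example.com",
     "ipAddress": "203.0.113.5", "location": {"countryOrRegion": "US"}, "riskLevelDuringSignIn": "none"},
    {"createdDateTime": "2022-01-20T09:15:40Z", "userPrincipalName": "reporter@example.com",
     "ipAddress": "198.51.100.77", "location": {"countryOrRegion": "HK"}, "riskLevelDuringSignIn": "medium"},
    {"createdDateTime": "2022-01-20T08:30:00Z", "userPrincipalName": "editor@example.com",
     "ipAddress": "203.0.113.9", "location": {"countryOrRegion": "US"}, "riskLevelDuringSignIn": "none"},
    {"createdDateTime": "2022-01-20T10:05:00Z", "userPrincipalName": "editor@example.com",
     "ipAddress": "203.0.113.9", "location": {"countryOrRegion": "US"}, "riskLevelDuringSignIn": "none"},
]

# Constructed sample directory audit events (not real data). The newValue string is a
# simplified stand-in for the real ConsentAction.Permissions encoding.
AUDITS = [
    {"activityDateTime": "2022-01-20T09:21:05Z", "activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "reporter@example.com"}},
     "targetResources": [{"displayName": "Mail Backup Helper", "modifiedProperties": [
         {"displayName": "ConsentAction.Permissions",
          "newValue": "[Scope: Mail.Read offline_access User.Read, ConsentType: Principal]"}]}]},
    {"activityDateTime": "2022-01-20T10:12:00Z", "activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "editor@example.com"}},
     "targetResources": [{"displayName": "Calendar Viewer", "modifiedProperties": [
         {"displayName": "ConsentAction.Permissions",
          "newValue": "[Scope: User.Read, ConsentType: Principal]"}]}]},
]


def parse_ts(value):
    """Parse the Graph 'Z'-suffixed UTC timestamp into an aware datetime."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def consented_scopes(audit):
    """Return the set of delegated scopes granted by a 'Consent to application' event."""
    scopes = set()
    for res in audit.get("targetResources", []):
        for prop in res.get("modifiedProperties", []):
            if prop.get("displayName") != "ConsentAction.Permissions":
                continue
            value = prop.get("newValue", "")
            idx = value.find("Scope:")
            if idx == -1:
                continue
            tail = value[idx + len("Scope:"):]
            ends = [tail.find(c) for c in ",]" if tail.find(c) != -1]
            scopes.update(tail[:min(ends)].split() if ends else tail.split())
    return scopes


def baseline_countries(sign_ins, upn, before):
    """Countries seen in the user's non-risky sign-ins before a cutoff: the 'normal' set."""
    return {s["location"]["countryOrRegion"] for s in sign_ins
            if s["userPrincipalName"] == upn
            and s.get("riskLevelDuringSignIn", "none") == "none"
            and parse_ts(s["createdDateTime"]) < before}


def find_suspicious_consents(sign_ins, audits, window_minutes=60):
    """Flag consents to mail/file-reading apps preceded by an anomalous sign-in of the same user."""
    window = timedelta(minutes=window_minutes)
    alerts = []
    for audit in audits:
        if audit.get("activityDisplayName") != "Consent to application":
            continue
        upn = audit["initiatedBy"]["user"]["userPrincipalName"]
        risky_scopes = consented_scopes(audit) & SENSITIVE_SCOPES
        if not risky_scopes:
            continue  # an app that only reads the user's profile is not an exfil path
        when = parse_ts(audit["activityDateTime"])
        baseline = baseline_countries(sign_ins, upn, when - window)
        for s in sign_ins:
            if s["userPrincipalName"] != upn:
                continue
            t = parse_ts(s["createdDateTime"])
            if not (when - window <= t <= when):
                continue
            # Anomalous if the identity provider already scored it risky, or the country is
            # outside the learned baseline (an empty baseline treats every country as new).
            if (s.get("riskLevelDuringSignIn", "none") != "none"
                    or s["location"]["countryOrRegion"] not in baseline):
                alerts.append({"user": upn, "app": audit["targetResources"][0]["displayName"],
                               "scopes": sorted(risky_scopes), "sign_in_ip": s["ipAddress"],
                               "sign_in_country": s["location"]["countryOrRegion"]})
                break
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_consents(SIGN_INS, AUDITS):
        print(alert)
```

Only the reporter's consent is flagged: the editor's consent to a `User.Read`-only app from a baseline location is ignored. Responding to the alert means revoking the application's consent grant (the `oauth2PermissionGrants` for that service principal) in addition to resetting the user's credentials, because, as described above, the grant is what keeps the attacker's access alive after the password changes.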