Yep... there is an "exploit" in the login systems of Microsoft, for Azure & 365:
it is possible to log in as the admin of someone else's 365 instance, if you "catch it right".
Nope, I'm not going to explain how to do it.
And also an attack exploit against accounts...
MS are NOT interested; they are even LESS interested once I told them I'm not here to work as "free Q.A. staff" for their company. I have a massive long-running case with them over another of their policies, where they are REFUSING support requests.
Basically this is part of the attack for 365:
You use Azure to run your attack systems INSIDE MS Azure & in some cases a 365 instance. Now because you are running these attacks from inside the same cloud system as MS 365, most of the traffic is NOT SEEN externally.
You then run desktop instances of clients to leverage the attack (inside Azure), get a user to click on a link and get an authentication token. ONCE YOU HAVE THIS YOU DO NOT NEED to log in again,
since MS Azure sees the "fake" account as never moving or changing the security status. (It's running inside Azure from MS data centers.)
The login will NEVER appear inside the Azure back end under the normal authentication systems.
Furthermore MS is totally unable to track & resolve TCP/IP v6 addresses; there is NO WAY to filter the traffic or set any kind of triggers, country & other filters are useless.
(Most mobile phone networks use TCP/IP v6.)
Once you have this login, you then leverage dummy email zones to match the users you are attacking, by using "Namecheap" and Google email redirectors,
and start setting up filters to put ALL the user's email into the ARCHIVE SPAM folder. At this point the hacker goes through, reads the email, replaces or deletes the content & marks it as NOT spam, putting it BACK into the user's email box.
They also set up dummy businesses with VERY similar names on "Namecheap" but set the MX records to Google.
They also POISON your address book, removing the "genuine" email addresses and replacing them with poisoned ones (same contacts, slightly different domain spelling).
Start typing an email address & you get the poisoned address, which redirects to their dummy domain so they can add "wares" before sending to the real recipients.
It is a highly efficient attack strategy, and they can run inside your business for months, gradually leveraging into customers' & suppliers' systems using the same methods.
They are VERY VERY careful and become highly proficient on the running of the business & financials, plus all systems related to money releases.
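Two of the tampering signs the post describes (address-book contacts pointing at lookalike domains, and inbox rules that sweep all mail into Junk/Archive) can be checked for from the defender's side. The code below is an added example, not the poster's; the trusted domains, contacts and rules are constructed sample data, and the rule dictionaries are a hypothetical export format rather than any real mailbox API.

```python
"""Defender-side checks for lookalike contact domains and mail-hiding inbox rules.
All sample data is constructed; the rule/contact shapes are hypothetical."""


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a small value between two domains means 'lookalike'."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def lookalike_contacts(contacts, trusted_domains, max_distance=2):
    """Return (name, address, trusted_domain) for contacts whose domain is a near
    miss of a trusted domain: same contact name, slightly different spelling."""
    hits = []
    for name, address in contacts:
        domain = address.rsplit("@", 1)[-1].lower()
        for trusted in trusted_domains:
            t = trusted.lower()
            if domain != t and edit_distance(domain, t) <= max_distance:
                hits.append((name, address, trusted))
    return hits


def suspicious_rules(rules):
    """Flag rules that move mail into Junk or Archive with no sender/subject
    condition, i.e. rules that hide the user's whole inbox from them."""
    hide_folders = {"junk", "junk email", "archive"}
    return [
        r["name"] for r in rules
        if not r.get("conditions") and r.get("move_to", "").lower() in hide_folders
    ]


# Constructed sample data for a hypothetical tenant.
TRUSTED = ["example-corp.com", "supplier.example"]
CONTACTS = [
    ("Finance Lead", "finance@example-corp.com"),
    ("Finance Lead", "finance@exarnple-corp.com"),   # 'rn' standing in for 'm'
    ("Supplier AP", "ap@suppIier.example"),          # capital 'I' standing in for 'l'
    ("Newsletter", "news@unrelated.example"),
]
RULES = [
    {"name": "Vendor noise", "conditions": {"from": "noreply@vendor.example"}, "move_to": "Archive"},
    {"name": ".", "conditions": {}, "move_to": "Junk Email"},   # broad, hides everything
]
```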