Microsoft 365 mailbox rules abused for exfiltration, persistence
ATT&CK techniques detected
T1564.008Email Hiding Rules
88%
“microsoft 365 mailbox rules abused for exfiltration, persistence a broad mix of attackers are abusing microsoft 365 mailbox rules as a stealthy method to quietly manage email flow by deleting, hiding, forwarding or marking messages as read without alerting victims. security pros …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1564.008Email Hiding Rules
88%
“many types of attackers leverage this technique. it ' s an easy method that uses native functionality with such a high value that just about everyone uses it, noted miron. “ it could be used manually, added to part of a hacking tool, or even incorporated into malware that uses po…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1564.008Email Hiding Rules
62%
“##ntial level, they remain even after a password reset. ” denis calderone, cto and principal at suzu labs, explained that mailbox rules are one of the very first issues security teams look for when they are triaging a business email compromise. here ’ s how it works : the attacke…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1114.003Email Forwarding Rule
48%
“microsoft 365 mailbox rules abused for exfiltration, persistence a broad mix of attackers are abusing microsoft 365 mailbox rules as a stealthy method to quietly manage email flow by deleting, hiding, forwarding or marking messages as read without alerting victims. security pros …”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…