Mailbox Rule Abuse Emerges as Stealthy Post-Compromise Threat
ATT&CK techniques detected
T1564.008Email Hiding Rules
86%
“mailbox rule abuse emerges as stealthy post - compromise threat security researchers have identified a surge in the misuse of mailbox rules within microsoft 365 environments, with attackers increasingly relying on native email features to maintain access, exfiltrate data and mani…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1564.008Email Hiding Rules
76%
“access even after password changes in practice, these tactics enable attackers to impersonate victims, hijack communication threads and influence business transactions without triggering traditional security alerts. real - world impact and persistence risks several scenarios illu…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
T1114.003Email Forwarding Rule
42%
“mailbox rule abuse emerges as stealthy post - compromise threat security researchers have identified a surge in the misuse of mailbox rules within microsoft 365 environments, with attackers increasingly relying on native email features to maintain access, exfiltrate data and mani…”
Which technique(s) should be tagged here? Pick zero or more — leaving blank just records that the original was wrong.
No matches for .
Loading techniques…
Summary
Attackers are abusing Microsoft 365 mailbox rules to hide activity, exfiltrate data and retain access after account compromise, researchers warn