Emerging Attacker Exploit: Microsoft Cross-Tenant Synchronization

Logo
Presented by

Arpan Sarkar, Technical Engineer - Threat Hunting, Vectra AI

About this talk

Attackers target Microsoft identities for access to applications and SaaS platforms, exploiting native functions over vulnerabilities. Nobelium, linked to SolarWinds, uses native tools like Federated Trusts for ongoing tenant access. This session will reveal an attacker leveraging another native function, enabling persistent access to a Microsoft cloud tenant using lateral movement and other tactics. This vector exploits misconfigured Cross-Tenant Sync, letting attackers breach connected tenants or establish rogue configurations.

Related topics:

More from this channel

Upcoming talks (0)
On-demand talks (27)
Subscribers (1176)
Vectra® is the leader in Security AI-driven cyber threat detection and response for hybrid cloud. Vectra’s patented Attack Signal Intelligence™ detects and prioritizes threats across public cloud, SaaS, identity, and networks in a single platform. Vectra’s Attack Signal Intelligence goes beyond simple anomaly detection to analyze and understand attacker behavior. The resulting high-fidelity signal and deep context enables security operations teams to prioritize, investigate and respond to cyber-attacks in progress sooner and faster. Organizations worldwide rely on the Vectra platform and MDR services to stay ahead of modern cyber-attacks. Visit www.vectra.ai.