New AD CTS Attack Vector Enables Lateral Movement Between Microsoft Tenants
- Source: Vulnerability cybersecuritynews.com
Author: Dhivya
According to reports, the threat group known as “Nobelium”, which was responsible for the SolarWinds attacks, has now been found to be targeting Microsoft tenants through the new Cross-Tenant Synchronisation (CTS) feature introduced by Microsoft.
CTS is a feature that enables organizations to synchronize users and groups from other source tenants and can grant them access to the target tenant.
The CTS feature also helps in creating, updating, and deleting AD (Active Directory) users across other tenants.
Misconfiguration can lead to threat actors using this feature for lateral movement across multiple tenants and performing malicious activities.
The attack requires a licence and either the compromise of a privileged account or privilege escalation on a compromised tenant.
However, if a Global admin account is compromised, it is extremely easy for an attacker to deploy a backdoor and maintain persistent access to the tenants. The CTS tenants get synced through “Push” and not “Pull”.
Lateral Movement
Once the threat actor compromises a tenan