Remediation and Hardening Strategies for Microsoft 365 to Defend Against UNC2452
This past winter, FireEye uncovered a widespread campaign conducted by a threat group we labeled UNC2452. In some of the intrusions linked with this campaign, the attackers used their access to on-premises networks to infiltrate Microsoft 365 environments. An estimated 60,000 organizations have been affected.
Because there is no formal security boundary between on-premises networks and cloud services provided by Microsoft 365, a thorough review of potentially affected cloud environments may be necessary.
This paper can help you understand the nature of this attack, and it outlines steps you can take to detect this threat and protect your potentially compromised environments. You can learn about:
- The four main techniques threat actors are using to exploit Microsoft 365
- Actionable detection and remediation strategies for each threat
- Hardening recommendations for your Microsoft 365 environment