{"id":39214,"date":"2021-01-20T14:06:19","date_gmt":"2021-01-20T14:06:19","guid":{"rendered":"https:\/\/packetstormsecurity.com\/news\/view\/31945\/SolarWinds-Attack-Opened-Up-4-Paths-To-A-Microsoft-365-Cloud-Breach.html"},"modified":"2021-01-20T14:06:19","modified_gmt":"2021-01-20T14:06:19","slug":"solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach","status":"publish","type":"post","link":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/","title":{"rendered":"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach"},"content":{"rendered":"<div class=\"wysiwyg\">\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" loading=\"lazy\" width=\"1024\" height=\"614\" src=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-1024x614.jpg\" alt class=\"wp-image-111121\" srcset=\"https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-1024x614.jpg 1024w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-300x180.jpg 300w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-768x461.jpg 768w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-860x516.jpg 860w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-156x94.jpg 156w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-312x187.jpg 312w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-640x384.jpg 640w, 
https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954-1280x768.jpg 1280w, https:\/\/www.scmagazine.com\/wp-content\/uploads\/sites\/2\/2021\/01\/Microsoft_Store_@_Metropolis_32458694837-e1611102855954.jpg 1500w\" sizes=\"auto, (max-width: 1024px) 100vw, 1024px\"><figcaption>A Microsoft store in British Columbia, Canada. (GoToVan from Vancouver, Canada\/CC BY 2.0 <a href=\"https:\/\/creativecommons.org\/licenses\/by\/2.0\">https:\/\/creativecommons.org\/licenses\/by\/2.0<\/a>, via Wikimedia Commons)<\/figcaption><\/figure>\n<p>The perpetrators behind the SolarWinds supply chain attack were observed leveraging four separate techniques to bypass identity and access management protections and laterally move from victims\u2019 on-premises networks to their cloud-based Microsoft 365 accounts.<\/p>\n<p>Companies that use M365 may therefore wish to heed three key recommendations: harden your hybrid environments, conduct thorough audits of your cloud assets and ensure that any remediation efforts are performed in the correct sequence to prevent the possibility of reinfection.<\/p>\n<p>The findings and recommendations come from a newly released report by researchers at Mandiant, a subsidiary of FireEye, the cybersecurity firm that&nbsp;<a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/apts-cyberespionage\/fireeye-hacked-red-team-tools-stolen\/\">exposed the SolarWinds attack<\/a>&nbsp;last month after discovering that its own networks and red-team tools were compromised.<\/p>\n<p>Some of the culprits\u2019 tactics rendered multi-factor authentication moot \u2013 a reminder to all organizations that MFA is not a security panacea. 
Prominent among the four techniques is the \u201cGolden SAML\u201d attack, whereby the bad actors stole Active Directory Federation Services (AD FS) token-signing certificates and then used them to create tokens for authenticating into Microsoft 365 without a password or MFA.<\/p>\n<p>Additionally, the attackers have modified trusted domains in Microsoft Azure AD in order to add a new attacker-controlled federated Identity Provider (IdP) capable of forging tokens \u2013 essentially creating an Azure backdoor. In other cases, they have compromised the credentials of highly privileged on-prem accounts synced to Microsoft 365, and they have backdoored M365 apps by adding rogue credentials and exploiting their legitimate assigned permissions.<\/p>\n<p>\u201cThese are all sophisticated and effective techniques, allowing the adversary to disable key levels of security controls necessary to identify and stop the attack after a network foothold has been established,\u201d said&nbsp;Deepen Desai,&nbsp;CISO&nbsp;and vice president of&nbsp;security&nbsp;research&nbsp;and operations at&nbsp;Zscaler. 
But of the four, Golden SAML and the Azure AD backdoor are \u201cparticularly dangerous,\u201d he said, because \u201cthe attacker can pose as any user in the organization and bypass the primary security controls meant to protect against compromised accounts: passwords and MFA.\u201d<\/p>\n<p>Douglas Bienstock, manager of incident response at Mandiant, agreed with this assessment, telling SC Media that the first two techniques are \u201cgood examples of why multi-factor authentication is not a silver bullet\u2026 Threat actors know organizations are using multi-factor and so they\u2019re looking for ways around it.\u201d<\/p>\n<p>Making matters worse, some organizations don\u2019t have \u201cdefined playbooks\u201d for how to respond to one of these sophisticated cloud attack techniques, added Matthew McWhirt,&nbsp;director at Mandiant.&nbsp;And even if they do have solid playbooks for both on-prem and cloud-based breaches, \u201cwhen it comes time to combine the two and create that consolidated overview of everything we need to do in both environments, that is sometimes where it gets a little muddy.\u201d<\/p>\n<p>A basic playbook that instructs organizations to simply reset passwords and remove a backdoor \u201cis not going to remediate against some of these tactics. So it really does involve taking a [much] closer look at the cloud infrastructure: How is it configured? How is it being used? And what are some areas that organizations really need to focus on?\u201d said McWhirt. 
\u201cWhat are some of the detection triggers, and\u2026 what are some of the proactive hardening parameters that can be enforced?\u201d<\/p>\n<p>To that end, Mandiant in a detailed white paper and blog post describes all four techniques and then offers recommendations for companies to harden their infrastructure against such attacks and remediate them if they have already occurred.<\/p>\n<p>To prevent Golden SAML, FireEye recommends configuring a Group Managed Service Account (gMSA) for AD FS services, reviewing AD FS logging and auditing settings, and implementing account and network access restrictions. For the other three techniques, Mandiant advises organizations to filter accounts synced to Azure AD, limit privileged users to trusted IPs, enhance mailbox auditing, review Azure application and service principal permissions, enforce MFA, review registered MFA devices and review something else.<\/p>\n<p>Desai, meanwhile, recommended that companies adopt a zero-trust architecture \u201cto reduce the attack surface and prevent lateral movement.\u201d He also advises companies to gain visibility into all outbound traffic with SSL\/TLS inspection and to practice micro-segmentation with cloud workload protection.<\/p>\n<p>Late last year, security company Ermetic&nbsp;<a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/cloud-security\/solarwinds-hack-poses-risk-to-cloud-services-api-keys-and-iam-identities\/\">issued a report<\/a>&nbsp;reminding users that the SolarWinds attack risks not just on-prem systems but also cloud-based infrastructure, warning that the incident has endangered Amazon Web Services and Microsoft Azure API keys and their corresponding accounts.<\/p>\n<p>\u201cThis is a particularly important point, especially in the post-Covid world, where the majority of enterprises have shifted to hybrid work environments,\u201d said&nbsp;Desai. 
\u201cAs a result, users are outside the traditional perimeter with many applications and workloads shifting to public cloud infrastructure.&nbsp;We have seen cases where enterprises have struggled to protect both users and cloud resources with the same level of security as on-prem resources.\u201d<\/p>\n<p>As for the remediation, FireEye stresses the importance of executing the process with proper timing and sequencing. The report says that in order to \u201cmaximize the probability of fully eradicating this threat actor from hybrid Microsoft 365 environments,\u201d organizations must first fully regain control of the on-premises systems that house secrets and credentials for cloud-based services.<\/p>\n<p>Once that is done, they should rotate their Microsoft 365 secrets and credentials. But if the original on-premises compromise or installed backdoors aren\u2019t entirely eradicated first, then the attackers could simply reinfect the M365 app.<\/p>\n<p>Desai also noted that organizations assessing damage to their on-prem and cloud assets may wish to use&nbsp;<a href=\"https:\/\/github.com\/cisagov\/Sparrow\">Sparrow.ps1<\/a>, a tool created by CISA\u2019s Cloud Forensics team to help detect potentially compromised accounts and applications in the Azure and M365 environment.<\/p>\n<p>\u201cWhat we don\u2019t want to do\u2026 is have organizations go through this entire process all to be negated because the attacker is still there,\u201d said McWhirt. \u201cThey can still get access to the key material they need to create a forged token to the cloud, for example.\u201d<\/p>\n<p>\u201cSo it really is prudent\u2026 having that comprehensive overview, really having a good understanding of the ways that the attacker likely leveraged to gain access to whatever it was, [and] then pivot from on-prem to the cloud.\u201d<\/p>\n<p>\u201cThere\u2019s no security boundary between a physical on-premise network and the cloud. It\u2019s just kind of this fuzzy line,\u201d said Bienstock. 
\u201cThat\u2019s where things get difficult and I think a lot of it is just down to [the fact that] there\u2019s not a lot of people who have that kind of experience. And at least historically there wasn\u2019t a lot of good documentation or knowledge out there on how [you] recover from this type of breach. And that\u2019s the gap we\u2019re trying to bridge with our white paper.\u201d<\/p>\n<\/div>\n<section class=\"post-tags\">\n<h2>Topics:<\/h2>\n<p> <a href=\"https:\/\/www.scmagazine.com\/tag\/breach\/\" class=\"button -secondary\">Breach<\/a> <a href=\"https:\/\/www.scmagazine.com\/tag\/cloud\/\" class=\"button -secondary\">Cloud<\/a> <a href=\"https:\/\/www.scmagazine.com\/tag\/network-security\/\" class=\"button -secondary\">Network Security<\/a> <\/p><\/section>\n<p> READ MORE <a href=\"https:\/\/packetstormsecurity.com\/news\/view\/31945\/SolarWinds-Attack-Opened-Up-4-Paths-To-A-Microsoft-365-Cloud-Breach.html\">HERE<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>READ MORE HERE&#8230;<\/p>\n","protected":false},"author":2,"featured_media":39215,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"colormag_page_layout":"default_layout","footnotes":""},"categories":[277],"tags":[9164],"class_list":["post-39214","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity-blogs","tag-headlinehackermicrosoftrussiadata-lossflaw"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.6 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach 2026 | ThreatsHub Cybersecurity News<\/title>\n<meta name=\"description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 
100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach 2026 | ThreatsHub Cybersecurity News\" \/>\n<meta property=\"og:description\" content=\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security &amp; Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/\" \/>\n<meta property=\"og:site_name\" content=\"ThreatsHub Cybersecurity News\" \/>\n<meta property=\"article:published_time\" content=\"2021-01-20T14:06:19+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1024\" \/>\n\t<meta property=\"og:image:height\" content=\"614\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"TH Author\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@threatshub\" \/>\n<meta name=\"twitter:site\" content=\"@threatshub\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"TH Author\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/\"},\"author\":{\"name\":\"TH Author\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\"},\"headline\":\"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach\",\"datePublished\":\"2021-01-20T14:06:19+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/\"},\"wordCount\":1149,\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg\",\"keywords\":[\"headline,hacker,microsoft,russia,data loss,flaw\"],\"articleSection\":[\"CyberSecurity Blogs\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/\",\"name\":\"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach 2026 | ThreatsHub Cybersecurity 
News\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg\",\"datePublished\":\"2021-01-20T14:06:19+00:00\",\"description\":\"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2021\\\/01\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg\",\"width\":1024,\"height\":614},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/
\\\/www.threatshub.org\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"headline,hacker,microsoft,russia,data loss,flaw\",\"item\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/tag\\\/headlinehackermicrosoftrussiadata-lossflaw\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"name\":\"ThreatsHub Cybersecurity News\",\"description\":\"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\"},\"alternateName\":\"Threatshub.org\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#organization\",\"name\":\"ThreatsHub.org\",\"alternateName\":\"Threatshub.org\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"contentUrl\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/wp-content\\\/uploads\\\/2025\\\/05\\\/Threatshub_Favicon1.jpg\",\"width\":432,\"height\":435,\"caption\":\"ThreatsHub.org\"},\"image\":{\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/threatshub\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.threatshub.org\\\/blog\\\/#\\\/schema\\\/person\\\/12e0a8671ff89a863584f193e7062476\",\"name\":\"TH Author\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g\",\"caption\":\"TH Author\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach 2026 | ThreatsHub Cybersecurity News","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/","og_locale":"en_US","og_type":"article","og_title":"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach 2026 | ThreatsHub Cybersecurity News","og_description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","og_url":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/","og_site_name":"ThreatsHub Cybersecurity News","article_published_time":"2021-01-20T14:06:19+00:00","og_image":[{"width":1024,"height":614,"url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg","type":"image\/jpeg"}],"author":"TH Author","twitter_card":"summary_large_image","twitter_creator":"@threatshub","twitter_site":"@threatshub","twitter_misc":{"Written by":"TH Author","Est. 
reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/#article","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/"},"author":{"name":"TH Author","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476"},"headline":"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach","datePublished":"2021-01-20T14:06:19+00:00","mainEntityOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/"},"wordCount":1149,"publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg","keywords":["headline,hacker,microsoft,russia,data loss,flaw"],"articleSection":["CyberSecurity Blogs"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/","url":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/","name":"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach 2026 | ThreatsHub Cybersecurity 
News","isPartOf":{"@id":"https:\/\/www.threatshub.org\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/#primaryimage"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/#primaryimage"},"thumbnailUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg","datePublished":"2021-01-20T14:06:19+00:00","description":"ThreatsHub Cybersecurity News | ThreatsHub.org | Cloud Security & Cyber Threats Analysis Hub. 100% Free OSINT Threat Intelligent and Cybersecurity News.","breadcrumb":{"@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/#primaryimage","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2021\/01\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach.jpg","width":1024,"height":614},{"@type":"BreadcrumbList","@id":"https:\/\/www.threatshub.org\/blog\/solarwinds-attack-opened-up-4-paths-to-a-microsoft-365-cloud-breach\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.threatshub.org\/blog\/"},{"@type":"ListItem","position":2,"name":"headline,hacker,microsoft,russia,data 
loss,flaw","item":"https:\/\/www.threatshub.org\/blog\/tag\/headlinehackermicrosoftrussiadata-lossflaw\/"},{"@type":"ListItem","position":3,"name":"SolarWinds Attack Opened Up 4 Paths To A Microsoft 365 Cloud Breach"}]},{"@type":"WebSite","@id":"https:\/\/www.threatshub.org\/blog\/#website","url":"https:\/\/www.threatshub.org\/blog\/","name":"ThreatsHub Cybersecurity News","description":"%%focuskw%% Threat Intel \u2013 Threat Intel Services \u2013 CyberIntelligence \u2013 Cyber Threat Intelligence - Threat Intelligence Feeds - Threat Intelligence Reports - CyberSecurity Report \u2013 Cyber Security PDF \u2013 Cybersecurity Trends - Cloud Sandbox \u2013- Threat IntelligencePortal \u2013 Incident Response \u2013 Threat Hunting \u2013 IOC - Yara - Security Operations Center \u2013 SecurityOperation Center \u2013 Security SOC \u2013 SOC Services - Advanced Threat - Threat Detection - TargetedAttack \u2013 APT \u2013 Anti-APT \u2013 Advanced Protection \u2013 Cyber Security Services \u2013 Cybersecurity Services -Threat Intelligence 
Platform","publisher":{"@id":"https:\/\/www.threatshub.org\/blog\/#organization"},"alternateName":"Threatshub.org","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.threatshub.org\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.threatshub.org\/blog\/#organization","name":"ThreatsHub.org","alternateName":"Threatshub.org","url":"https:\/\/www.threatshub.org\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","contentUrl":"https:\/\/www.threatshub.org\/blog\/coredata\/uploads\/2025\/05\/Threatshub_Favicon1.jpg","width":432,"height":435,"caption":"ThreatsHub.org"},"image":{"@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/threatshub"]},{"@type":"Person","@id":"https:\/\/www.threatshub.org\/blog\/#\/schema\/person\/12e0a8671ff89a863584f193e7062476","name":"TH Author","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/066276f086d5155df79c850206a779ad368418a844da0182ce43f9cd5b506c3d?s=96&d=mm&r=g","caption":"TH 
Author"}}]}},"_links":{"self":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39214","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/comments?post=39214"}],"version-history":[{"count":0,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/posts\/39214\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media\/39215"}],"wp:attachment":[{"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/media?parent=39214"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/categories?post=39214"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.threatshub.org\/blog\/wp-json\/wp\/v2\/tags?post=39214"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}