Mitiga at RSAC 2025: Visit our booth, attend our speaking sessions, and schedule a meeting with us!

In an ever-changing cyber landscape, the recent exploit by China-based threat actor, Storm-0558, highlights the need for constant vigilance. The threat actor exploited a compromised encryption key (MSA key) to target Microsoft Exchange Online, forge access tokens, manipulate the token verification process, and extract unclassified data from victim mailboxes.

A Mitiga, we build a cloud and SaaS Forensic Data Lake for customers so that they are prepared in moments like this one. By having the historic forensic data ready and available for investigation, we were able to quickly hunt for indicators of this type of attack including seeking out IP addresses used to access user emails with a forged authentication token or as part of supporting infrastructure. Taking this kind of proactive approach ensures we have a complete hunting ground to root out assailants and enables a rapid response—allowing us to secure our clients' environments thoroughly and quickly.

Where Cloud and SaaS are concerned, this should be the new standard.

Remember that concealment is the mode of operation for these espionage attacks. The pressing issue, therefore, is not only whether you are susceptible to this type of attack, but, more importantly, whether an attacker has already breached your environment and is currently operating within it. At Mitiga, we provide our clients with the reassurance that their environment is secure, even when hidden dangers are present.

Stay Informed. Stay vigilant.

If you want to learn more about how your enterprise could be strengthening your preparedness to be ready for these types of exploits, contact us.

LAST UPDATED:

November 7, 2024

Don't miss these stories:

Rippling Turning Into a Tsunami

In today’s digital workspace, SaaS applications like Slack, Google Drive, and Microsoft Teams have become the backbone of business communication and collaboration.

Make Cloud Attacks Yesterday’s Problem with Mitiga at RSA Conference 2025

Visit Mitiga at booth number N-4618 at RSA Conference 2025 to learn about cloud detection and response.

Uncovering Hidden Threats: Hunting Non-Human Identities in GitHub

In the last few days, two compromised GitHub Actions are actively leaking credentials, and a large-scale OAuth phishing campaign is exploiting developer trust.

Can vulnerabilities in on-prem resources reach my cloud environment?

What risk does this Zoho password manager vulnerability present, and could this on-prem vulnerability impact cloud environments as well?

Log4Shell - identify vulnerable external-facing workloads in AWS

Cloud-based systems should be thoroughly searched for the new Log4j vulnerability (CVE-2021-44228). But this is a daunting task, since you need to search each and every compute instance, from the biggest EC2 instance to the smallest Lambda function. This is where Mitiga can help.

How Transit Gateway VPC Flow Logs Help Incident & Response Readiness

In this blog, we will focus on the security and forensic aspects of Transit Gateway VPC flow logs and expand the way they can be used by organizations to respond to cloud incidents.