Threat Actors Abuse Microsoft's Verified Publisher Status

Security experts at Proofpoint disclosed that cyber adversaries are using malicious OAuth applications to abuse Microsoft's "verified publisher" status. The activity is intended to gain access to the cloud environments of targeted organizations, pilfer data, and also scan through users' mailboxes, calendars, files, and more. The early signs of the campaign, involving consent phishing, were spotted in December 2022.