Micrsosoft 365 continues to be a target for the Russian-based threat group known as Cozy Bear, according to researchers at Mandiant.

Also known as APT29 by some analysts and believed to be supported by Russia’s foreign intelligence service, the group continues to show “exceptional operational security and advanced tactics targeting Microsoft 365,” Mandiant said in a background blog.

That includes getting around multifactor authentication (MFA). Threat actors — including APT29 –take advantage of the self-enrollment process for MFA in Microsoft’s Azure Active Directory and other platforms, the report says.

Read More Here