@Mandiant It’d be useful to know whether the compromised accounts already had effective admin access (ACCOUNTADMIN or similar) or not. The reporting implies as much since it doesn’t discuss identity abuse primitives, but it doesn’t explicitly state either way.
— Jared Atkinson (@jaredcatkinson) Jun 10, 2024
from Twitter https://twitter.com/jaredcatkinson
June 10, 2024 at 02:35PM
https://twitter.com/jaredcatkinson/status/1800174979004453148