Malicious OAuth apps used to take over Email servers
Microsoft warned for a consumer-facing attack that makes use of rogue OAuth applications on compromised cloud tenants to ultimately seize control of Exchange servers and spread spam.
“The threat actor launched credential stuffing attacks against high-risk accounts that didn’t have multi-factor authentication (MFA) enabled and leveraged the unsecured administrator accounts to gain initial access”.