EXPLORE

← Back to Explore

T1199

Trusted Relationship

Adversaries may breach or otherwise leverage organizations who have access to intended victims. Access through trusted third party relationship abuses an existing connection that may not be protected or receives less scrutiny than standard mechanisms of gaining access to a network. Organizations often grant elevated access to second or third-party external providers in order to allow them to manage internal systems as well as cloud-based environments. Some examples of these relationships includ...

WindowsSaaSIaaSLinuxmacOSIdentity ProviderOffice Suite

6

Detections

2

Sources

11

Threat Actors

BY SOURCE

5elastic1sigma

PROCEDURES (5)

Powershell2 detections

Auto-extracted: 2 detections for powershell

Phish1 detections

Auto-extracted: 1 detections for phish

Email Security1 detections

Auto-extracted: 1 detections for email security

General Monitoring1 detections

Auto-extracted: 1 detections for general monitoring

Authentication Monitoring1 detections

Auto-extracted: 1 detections for authentication monitoring

THREAT ACTORS (11)

APT28 APT29 GOLD SOUTHFIELD HAFNIUM LAPSUS$menuPass POLONIUM RedCurl Sandworm Team Sea Turtle Threat Group-3390

DETECTIONS (6)

Entra ID Illicit Consent Grant via Registered Application

Entra ID OAuth Authorization Code Grant for Unusual User, App, and Resource

Entra ID OAuth Phishing via First-Party Microsoft Application

Microsoft 365 - User Restricted from Sending Email

New GitHub App Installed

Okta Sign-In Events via Third-Party IdP