Skip to content
Threat Feed

Actor

NOBELIUM Group

7 briefs RSS
critical threat

Azure AD Privileged Graph API Permission Assignment

Detection of high-risk Graph API permission assignments (Application.ReadWrite.All, AppRoleAssignment.ReadWrite.All, and RoleManagement.ReadWrite.Directory) in Azure AD, potentially leading to unauthorized modifications and security breaches.

Azure Active Directory NOBELIUM Group azuread cloud graphapi privilegeescalation persistence
2r 1t
high threat

Azure AD FullAccessAsApp Permission Assignment

Detection of 'full_access_as_app' permission assignment to an application in Office 365 Exchange Online, potentially leading to unauthorized access and data exfiltration.

Office 365 Exchange Online +1 NOBELIUM Group azure azuread office365 persistence nobelium
2r 2t
high threat

O365 Service Principal Creation Detection

Detection of new service principal creation in O365 tenants, which can be abused by attackers for unauthorized access, API interaction, and data compromise.

Office 365 +5 NOBELIUM Group cloud o365 service_principal persistence azuread
2r 1t
critical threat

O365 ApplicationImpersonation Role Assigned

Detection of the ApplicationImpersonation role being assigned in Office 365, potentially leading to unauthorized mailbox access and impersonation.

Microsoft 365 +1 NOBELIUM Group cloud o365 applicationimpersonation persistence
2r 2t
medium threat

O365 Application Registration Owner Added

A new owner added to an O365 application registration can grant significant control, potentially leading to unauthorized data access, privilege escalation, or malicious behavior.

Azure Active Directory +1 NOBELIUM Group azuread o365 persistence
3r 1t
high threat

Azure AD Tenant Wide Admin Consent Granted

Detection of admin consent granted to an application within an Azure AD tenant which could lead to data exfiltration and persistence.

Azure AD NOBELIUM Group azure persistence cloud
2r 1t
high threat

Azure AD Service Principal Owner Added

Detection of a new owner being added to an Azure AD Service Principal, potentially indicating persistence or privilege escalation by an attacker exploiting the lack of multi-factor authentication on service principals.

Azure Active Directory NOBELIUM Group azure cloud persistence privilege-escalation
2r 1t