Government-sponsored hackers, who carry out cyberespionage campaigns, invest more resources than ever to find new ways of attacking the cloud. One of their preferred targets is Microsoft 365, previously called Office 365, a platform used by an increasing number of organizations of all sizes.

From an intelligence collector’s perspective, it makes sense to target it. “Microsoft 365 is a gold mine,” Doug Bienstock, incident response manager at Mandiant, tells CSO. “The vast majority of [an organization’s] data is probably going to be in Microsoft 365, whether it’s in the contents of individual emails, or files shared on SharePoint or OneDrive, or even Teams messages.”