Exchange

In a recent cybersecurity incident, a China-based Advanced Persistent Threat (APT) actor known as Storm-0558 successfully accessed the Microsoft 365 cloud environment and exfiltrated unclassified Exchange Online Outlook data from a small number of accounts. This article provides a comprehensive analysis of the attack, Microsoft’s response, the identification of anomalous activity, recommendations for organizations, and the significance of baseline patterns