Cyber Threat Report: 'Muddled Libra’s Evolution to the Cloud'

Researchers at Unit 42 report on evolution of the Muddled Libra group as the target SaaS (software-as-a-service) applications and CSP (cloud service provider) environments, leveraging data acquired for attack progression and extortion. The group uses social engineering to target administrative users, exploits identity providers for privilege escalation, and utilizes CSP services for data exfiltration. As well as outlining TTPs used by the group, the article suggests mitigations to defend against Muddled Libra, including implementing robust protections for Identity Portals and CSP identities.