Internet related News · 2022-11-22

Hackers have found a way around MFA: Microsoft – News

Microsoft has warned in a blog post that as organizations increase their coverage of multifactor authentication (MFA), threat actors “have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA.”

According to Wikipedia, MFA is an electronic authentication method in which a user is granted access to a website or application only after successfully presenting two or more pieces of evidence (factors) to an authentication mechanism: knowledge, possession, and inherence.

Microsoft said that, of late, the Microsoft Detection and Response Team (DART) has seen an increase in attackers using token theft for this purpose. By compromising and replaying a token issued to an identity that has already completed multifactor authentication, the threat actor satisfies the validation of MFA and gains access to the organization’s resources.

It has spelled out remedial measures that you can access here.
