Alerts and Advisories

Advisory: The rise of Microsoft Office 365 compromise

Created:  07 Dec 2018
Updated:  07 Dec 2018
This NCSC advisory provides details on the compromise of Microsoft Office 365 and provides mitigation advice for organisations.
This advisory was first issued on CiSP on 4th December 2018

The NCSC is aware of several incidents involving the compromise of Office 365 accounts within the UK, including the use of such methods in targeted supply chain attacks. The ultimate objective of this type of targeting is not clear and the attacks appear not to be limited to any particular sector or attributed to any single threat actor.

This advisory outlines the different techniques used by cyber actors to compromise Office 365 and provides detailed guidance on steps an organisation can take to reduce the risk of such breaches occurring.   

You can download the advisory by using the downloads tab towards the top of this page.

O365 Compromise and mitigation advice.pdf

PDF, 190.23KB

This file may not be suitable for users of assistive technology.

O365 compromise & mitigation

Was this information helpful?

We need your feedback to improve this content.

Yes No