Netcloud Experts wants to share an experience with our customers and/or visitors.
Hackers are exploiting a vulnerability that Azure Enterprise Application Services has.
By default, this service allows end users to consent applications on their own.
If a user mailbox gets compromised, the hacker can register an app on the tenant where his account belongs and consent all access to this mailbox.
We discovered an app named:” PERFECT DATA” used by the hacker to consent access to the user mailbox, including “Offline Access”.
“Offline Access” permission scope allows the hacker to keep accessing the user(s) mailbox regardless if the password and MFA are reset.
We highly recommend that you disable these two access as shown in the above screen and assign a security team to authorize the registration of any app in your tenant.