Compromised admin credentials; ransomware

Pattern · credential-stuffing

Credential stuffing against single-factor accounts

Pattern · credential-stuffing

Compromised credentials + no MFA on Citrix portal

Pattern · credential-stuffing

Password spray on legacy non-MFA test tenant; lateral movement via OAuth consent

Pattern · oauth-consent-phishing

SIM swap on phone associated with X account

Pattern · sim-swap

Stolen support session token via stored credential in personal Google account

Pattern · oauth-token-theft

Helpdesk social engineering

Pattern · helpdesk-social-engineering

Social engineering of employees for credentials

Pattern · helpdesk-social-engineering