
Chinese Hackers Active for 18 Months Undetected in M365 Environments


In brief: Chinese threat actors remained undetected in Microsoft 365 tenants for 18 months, exploiting a Managed Service Provider as a base for supply chain attack scenarios.

Security researchers have uncovered a large-scale attack campaign targeting Microsoft 365 tenants, in which suspected Chinese hackers operated undetected for 18 months within the cloud infrastructure of multiple organizations and a Managed Service Provider (MSP).

The attackers gained access to Microsoft 365 environments across multiple organizations and infiltrated an MSP, which gave them leverage for further attacks on that provider's customer environments. The 18-month dwell time points to sophisticated evasion: the actors apparently avoided typical detection signatures and stayed below the alerting thresholds of standard security monitoring.

For CISOs, this case underscores structural weaknesses in the standard monitoring of cloud tenants: Microsoft 365 offers extensive audit and logging capabilities, yet many organizations do not fully enable them, outsource their analysis, or lack the resources for continuous threat hunting. Particularly critical is the compromise of the MSP, which served as an entry point for supply chain attacks.

Recommendations for such scenarios include: immediate review of M365 audit logs for anomalies (particularly login activities, forwarding rules, privilege escalation), activation of advanced threat protection functions (Microsoft Defender for Cloud Apps, Conditional Access policies), implementation of privileged access management, and regular review of MSP access privileges for legitimacy and scope.
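As an added example (not from the article or its source), the following Python check runs over constructed Unified Audit Log records and flags two of the anomalies named above: mail forwarding rules and privileged role assignments, then correlates them by client IP. The field names follow the Microsoft 365 Unified Audit Log schema as exported by Search-UnifiedAuditLog; the sample records, addresses and the role list are constructed for illustration.

```python
# Constructed sample audit records (not real data) in the shape of Microsoft 365
# Unified Audit Log entries (the AuditData JSON returned by Search-UnifiedAuditLog).
SAMPLE_RECORDS = [
    {"CreationTime": "2026-05-02T03:14:00", "Workload": "Exchange", "Operation": "New-InboxRule",
     "UserId": "alice@example.com", "ClientIP": "203.0.113.7",
     "Parameters": [{"Name": "Name", "Value": "."},
                    {"Name": "ForwardingSmtpAddress", "Value": "smtp:drop@attacker.example"},
                    {"Name": "DeleteMessage", "Value": "True"}]},
    {"CreationTime": "2026-05-02T03:20:00", "Workload": "AzureActiveDirectory",
     "Operation": "Add member to role.", "UserId": "msp-admin@msp.example",
     "ObjectId": "contractor@example.com", "ClientIP": "203.0.113.7",
     "ModifiedProperties": [{"Name": "Role.DisplayName", "NewValue": "Global Administrator"}]},
    {"CreationTime": "2026-05-02T09:00:00", "Workload": "Exchange", "Operation": "New-InboxRule",
     "UserId": "bob@example.com", "ClientIP": "198.51.100.4",
     "Parameters": [{"Name": "Name", "Value": "Newsletters"},
                    {"Name": "MoveToFolder", "Value": "Archive"}]},
]

# Parameters on Exchange rule/mailbox cmdlets that send mail somewhere else.
FORWARD_PARAMS = {"ForwardTo", "ForwardAsAttachmentTo", "RedirectTo",
                  "ForwardingSmtpAddress", "ForwardingAddress"}
RULE_OPS = {"New-InboxRule", "Set-InboxRule", "Set-Mailbox", "New-TransportRule", "Set-TransportRule"}
# Constructed watch list; extend to whatever roles your tenant treats as privileged.
PRIVILEGED_ROLES = {"Global Administrator", "Privileged Role Administrator", "Exchange Administrator"}

def params(rec):
    """Flatten the Name/Value parameter list of an Exchange admin audit record."""
    return {p.get("Name"): p.get("Value") for p in rec.get("Parameters", [])}

def find_anomalies(records):
    """Return (severity, reason, record) for forwarding rules and privileged role grants."""
    hits = []
    for rec in records:
        op = rec.get("Operation", "")
        if op in RULE_OPS:
            p = params(rec)
            fwd = [v for k, v in p.items() if k in FORWARD_PARAMS and v]
            if fwd:
                # Forward-and-delete hides the exfiltration from the mailbox owner.
                sev = "high" if p.get("DeleteMessage") == "True" else "medium"
                hits.append((sev, f"{op} by {rec.get('UserId')} forwards mail to {', '.join(fwd)}", rec))
        elif op == "Add member to role.":
            roles = {m.get("NewValue") for m in rec.get("ModifiedProperties", [])
                     if m.get("Name") == "Role.DisplayName"} & PRIVILEGED_ROLES
            if roles:
                hits.append(("high", f"{rec.get('ObjectId')} added to {', '.join(sorted(roles))} by {rec.get('UserId')}", rec))
    return hits

def shared_client_ips(hits):
    """Client IPs behind more than one flagged event: a cheap pivot for correlating activity."""
    ips = [rec.get("ClientIP") for _, _, rec in hits if rec.get("ClientIP")]
    return {ip for ip in ips if ips.count(ip) > 1}

if __name__ == "__main__":
    found = find_anomalies(SAMPLE_RECORDS)
    for sev, reason, rec in found:
        print(f"[{sev}] {rec['CreationTime']} {reason}")
    print("shared client IPs:", shared_client_ips(found))
```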


Source: borncity.com · Published June 13, 2026
Lumi AI News — AI-assisted curation pursuant to Art. 50 EU AI Act. Paraphrasing and classification by Lumi News Pipeline v1.7.1.
