THREAT OPS › Threat News › Entra Agent ID: Inside a cross-tenant agent compromise
Entra Agent ID: Inside a cross-tenant agent compromise
Continuing our Agent ID series, this post demonstrates how a privileged agent could be compromised through its third-party blueprint. This leads to a cross-tenant incident similar to Midnight Blizzard, since an attacker with control over an agent blueprint can authenticate as any agent associated with that blueprint.
Attributed threat actors
- APT29G0016