Hybrid Attack Bulletin: Uncovering Salt Typhoon - The Silent Storm in Telco Cyberattacks >

Vectra AI Japan、ITR発行の最新レポート内「NDR市場」にて国内トップシェアを獲得

詳細を見る

Research & Insights

Expert insights from Vectra AI data scientists, product engineers and security researchers empower your SOC analysts to make faster, smarter decisions.

Up-level your SOC with insights from security experts at Vectra AI, based on real-world experiences defending hybrid enterprise environments.

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Resources

Breaking news and expert insights

Blue Team Workshops, on-demand webinars and global events near you

Join our security researchers, data scientists, and analysts as we share 11+ years of security-AI research and expertise with the global cybersecurity community.

Research reports, attack anatomies, white papers, guides, datasheets and customer stories

Demo Videos & Tours

See the Vectra AI Platform in action.

See how integrated signal from Vectra AI lets you see and stop sophisticated attacks other technologies miss.

Take the interactive tour

Company

See why we’re the world leader in AI security

Request an intro with a Vectra AI security expert

Deployment guides, knowledge base, release notes and security announcements

Join the team behind the world’s first AI-based cybersecurity platform

Breaking news from Vectra AI

Expert insight from security researchers, data scientists and engineers

Vectra AI vs. Darktrace – Top Reasons Security teams prefer Vectra AI over Darktrace

Discover why security teams prefer Vectra AI over Darktrace for NDR. Learn about superior scalability, signal fidelity and seamless deployment options.

Back to all detections

M365 Internal Spearphishing

M365 Internal Spearphishing

Possible Root Causes

Example Scenarios

Business Impact

Steps to Investigate

MITRE ATT&CK Techniques

Related Detections

Detection overview

Triggers

A user was observed sending multiple emails to internal recipients which were flagged by O365 reputation scanning as likely phishing emails.

Possible Root Causes

An attacker has compromised a single account and is abusing its access and implicit trust within an organization to attack additional accounts via spearphishing emails.
Benign emails have been flagged as suspicious based on their content or attachments, which are most frequently associated with invoices sent to distribution lists.

Business Impact

Spearphishing is one of the predominant ways attackers gain and expand access to credentials within an environment and is particularly effective when utilizing the implicit trust of an internal sender.
Successful internal spearphishing campaigns result in broad access to a large range of resources within the environment, resulting in a significant increase in overall impact of a compromised account incident within an organization.

Steps to Verify

Review the details and contents of the email to validate it is malicious.
Review additional detections and events by the source user which may indicate their account has been compromised.
Validate the source user is aware of and sent the email that was flagged.

M365 Internal Spearphishing

Possible root causes

Malicious Detection

Benign Detection

M365 Internal Spearphishing

Example scenarios

M365 Internal Spearphishing

Business impact

If this detection indicates a genuine threat, the organization faces significant risks:

M365 Internal Spearphishing

Steps to investigate

M365 Internal Spearphishing

MITRE ATT&CK techniques covered

Internal Spearphishing

M365 Internal Spearphishing

Related detections

No items found.

FAQs