Researchers Identify Growing Trend of Microsoft 365 Mailbox Rule Abuse

Researchers have identified a growing trend of attackers abusing Microsoft 365 mailbox rules as a stealthy post-compromise tactic to conceal malicious activity, exfiltrate data, and maintain persistent access after account compromise. The technique involves manipulating inbox rules to automatically forward, delete, or redirect emails without user awareness. No specific threat actors, dates, or CVE IDs were mentioned in relation to this threat. The abuse targets Microsoft 365 environments, leveraging built-in functionality rather than exploiting vulnerabilities. Impacts include data theft, prolonged unauthorized access, and evasion of detection by security tools.