Lateral Movement - 1

2026 (2)

April (2)

security: Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

Microsoft Security Blog

2026-04-18

Threat actors are using external Microsoft Teams collaboration to impersonate IT helpdesk staff, trick users into granting remote access, and then abuse legitimate tools and admin protocols for lateral movement and data exfiltration. Microsoft Defender can help detect this activity across Teams, endpoint, and identity telemetry.

security: Containing a domain compromise: How predictive shielding shut down lateral movement

Microsoft Security Blog

2026-04-17

Microsoft describes a real-world domain compromise where exposure-based containment and predictive shielding slowed attacker activity, stopped credential abuse, and disrupted lateral movement. The post focuses on how containment reduced the threat actor’s momentum during the incident.