I recently worked with an organization who had a single Exchange Online mailbox become compromised. The mailbox credentials were stolen, and the attacker used them to send mail directly from the mailbox. This organization was going through a security analysis of the compromise and wanted to obtain the IP(s) that connected to this mailbox to send the outbound mail. No problem.
...(read more)↧