Attackers abuse Microsoft’s 'verified publisher' status to steal data

Malicious OAuth apps were the tickets into victims' systems
Miscreants using malicious OAuth applications abused Microsoft's 'verified publisher' status to gain access to organizations' cloud environments, then steal data and pry into to users' mailboxes, calendars, and meetings.…