An APT group has started relying heavily on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks. Microsoft has suspended 18 Active Directory applications that were being leveraged for command-and-control (C2) infrastructure by what it says is a Chinese nation-state actor. Microsoft said the threat group has also stored stolen data in OneDrive, Microsoft's file hosting and synchronization service, and launched attacks using the open-source PowerShell Empire toolkit.
Source: https://threatpost.com/microsoft-azure-chinese-hackers/159551/

