{
	"id": "c816a3e4-41ac-4ca8-bde4-fb1afffe3d4e",
	"created_at": "2026-04-06T00:11:23.772471Z",
	"updated_at": "2026-04-10T13:11:37.005341Z",
	"deleted_at": null,
	"sha1_hash": "f40aebecc71ecd3a25d8238db5cd37753eb143ed",
	"title": "Phish, Click, Breach: Hunting for a Sophisticated Cyber Attack",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 210334,
	"plain_text": "Phish, Click, Breach: Hunting for a Sophisticated Cyber Attack\r\nBy Zophar\r\nPublished: 2024-10-15 · Archived: 2026-04-05 15:05:07 UTC\r\n\"}},\"componentScriptGroups({\\\"componentId\\\":\\\"custom.widget.SocialSharing\\\"})\":\r\n{\"__typename\":\"ComponentScriptGroups\",\"scriptGroups\":\r\n{\"__typename\":\"ComponentScriptGroupsDefinition\",\"afterInteractive\":\r\n{\"__typename\":\"PageScriptGroupDefinition\",\"group\":\"AFTER_INTERACTIVE\",\"scriptIds\":[]},\"lazyOnLoad\":\r\n{\"__typename\":\"PageScriptGroupDefinition\",\"group\":\"LAZY_ON_LOAD\",\"scriptIds\":[]}},\"componentScripts\":\r\n[]},\"component({\\\"componentId\\\":\\\"custom.widget.MicrosoftFooter\\\"})\":\r\n{\"__typename\":\"Component\",\"render({\\\"context\\\":{\\\"component\\\":{\\\"entities\\\":[],\\\"props\\\":{}},\\\"page\\\":{\\\"entities\\\":\r\n[\\\"message:4267916\\\"],\\\"name\\\":\\\"BlogMessagePage\\\",\\\"props\\\":\r\n{},\\\"url\\\":\\\"https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\\\"}}})\":{\"__typename\":\"ComponentRenderResult\",\"html\":\"\r\n\"}},\"componentScriptGroups({\\\"componentId\\\":\\\"custom.widget.MicrosoftFooter\\\"})\":\r\n{\"__typename\":\"ComponentScriptGroups\",\"scriptGroups\":\r\n{\"__typename\":\"ComponentScriptGroupsDefinition\",\"afterInteractive\":\r\n{\"__typename\":\"PageScriptGroupDefinition\",\"group\":\"AFTER_INTERACTIVE\",\"scriptIds\":[]},\"lazyOnLoad\":\r\n{\"__typename\":\"PageScriptGroupDefinition\",\"group\":\"LAZY_ON_LOAD\",\"scriptIds\":[]}},\"componentScripts\":\r\n[]},\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/community/NavbarDropdownToggle\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageCoverImage\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageCoverImage-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"shared/client/components/nodes/NodeTitle\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageTimeToRead\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageSubject\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageSubject-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/users/UserLink\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/users/UserLink-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"shared/client/components/users/UserRank\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-shared/client/components/users/UserRank-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageTime\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageTime-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageBody\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageBody-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageCustomFields\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageCustomFields-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageRevision\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageRevision-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"shared/client/components/common/QueryHandler\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/tags/TagList\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/tags/TagList-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageReplyButton\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageReplyButton-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/messages/MessageAuthorBio\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/messages/MessageAuthorBio-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"shared/client/components/users/UserAvatar\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 1 of 44\n\nshared/client/components/users/UserAvatar-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"shared/client/components/ranks/UserRankLabel\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/tags/TagView/TagViewChip\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"components/users/UserRegistrationDate\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-components/users/UserRegistrationDate-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"shared/client/components/nodes/NodeAvatar\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"shared/client/components/nodes/NodeDescription\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1775111750899\"}],\"cachedText({\\\"lastModified\\\":\\\"1775111750899\\\",\\\"locale\\\":\\\"en-US\\\",\\\"namespaces\\\":\r\n[\\\"shared/client/components/nodes/NodeIcon\\\"]})\":[{\"__ref\":\"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1775111750899\"}]},\"Theme:customTheme1\":\r\n{\"__typename\":\"Theme\",\"id\":\"customTheme1\"},\"User:user:-1\":\r\n{\"__typename\":\"User\",\"id\":\"user:-1\",\"entityType\":\"USER\",\"eventPath\":\"community:gxcuf89792/user:-1\",\"uid\":-1,\"login\":\"Deleted\",\"email\":\"\",\"avatar\":\r\n{\"__typename\":\"RegistrationData\",\"status\":\"ANONYMOUS\",\"registrationTime\":null,\"confirmEmailStatus\":false,\"registrationAccessLevel\":\"VIEW\",\"ss\r\n[]},\"ssoId\":null,\"profileSettings\":{\"__typename\":\"ProfileSettings\",\"dateDisplayStyle\":\r\n{\"__typename\":\"InheritableStringSettingWithPossibleValues\",\"key\":\"layout.friendly_dates_enabled\",\"value\":\"false\",\"localValue\":\"true\",\"possibleValues\"\r\n[\"true\",\"false\"]},\"dateDisplayFormat\":\r\n{\"__typename\":\"InheritableStringSetting\",\"key\":\"layout.format_pattern_date\",\"value\":\"MMM dd yyyy\",\"localValue\":\"MM-dd-yyyy\"},\"language\":{\"__typename\":\"InheritableStringSettingWithPossibleValues\",\"key\":\"profile.language\",\"value\":\"en-US\",\"localValue\":null,\"possibleValues\":[\"en-US\",\"es-ES\"]},\"repliesSortOrder\":\r\n{\"__typename\":\"InheritableStringSettingWithPossibleValues\",\"key\":\"config.user_replies_sort_order\",\"value\":\"DEFAULT\",\"localValue\":\"DEFAULT\",\"po\r\n[\"DEFAULT\",\"LIKES\",\"PUBLISH_TIME\",\"REVERSE_PUBLISH_TIME\"]}},\"deleted\":false},\"CachedAsset:pages-1775111737667\":{\"__typename\":\"CachedAsset\",\"id\":\"pages-1775111737667\",\"value\":\r\n[{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"BlogViewAllPostsPage\",\"type\":\"BLOG\",\"urlPath\":\"/category/:categoryId/blog/:boardId/all-posts/(/:after|/:before)?\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"CasePortalPage\",\"type\":\"CASE_PORTAL\",\"urlPath\":\"/caseportal\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"CreateGroupHubPage\",\"type\":\"GROUP_HUB\",\"urlPath\":\"/groups/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"CaseViewPage\",\"type\":\"CASE_DETAILS\",\"urlPath\":\"/case/:caseId/:caseNumber\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"InboxPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/inbox\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"HelpFAQPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/help\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"IdeaMessagePage\",\"type\":\"IDEA_POST\",\"urlPath\":\"/idea/:boardId/:messageSubject/:messageId\",\"__typename\":\"PageDescriptor\"},\"__typename\"\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"IdeaViewAllIdeasPage\",\"type\":\"IDEA\",\"urlPath\":\"/category/:categoryId/ideas/:boardId/all-ideas/(/:after|/:before)?\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"LoginPage\",\"type\":\"USER\",\"urlPath\":\"/signin\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"WorkstreamsPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/workstreams\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"BlogPostPage\",\"type\":\"BLOG\",\"urlPath\":\"/category/:categoryId/blogs/:boardId/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageRes\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"UserBlogPermissions.Page\",\"type\":\"COMMUNITY\",\"urlPath\":\"/c/user-blog-permissions/page\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ThemeEditorPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/designer/themes\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"TkbViewAllArticlesPage\",\"type\":\"TKB\",\"urlPath\":\"/category/:categoryId/kb/:boardId/all-articles/(/:after|/:before)?\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1730819800000,\"localOverride\":null,\"page\":\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 2 of 44\n\n{\"id\":\"AllEvents\",\"type\":\"CUSTOM\",\"urlPath\":\"/Events\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"OccasionEditPage\",\"type\":\"EVENT\",\"urlPath\":\"/event/:boardId/:messageSubject/:messageId/edit\",\"__typename\":\"PageDescriptor\"},\"__typename\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"OAuthAuthorizationAllowPage\",\"type\":\"USER\",\"urlPath\":\"/auth/authorize/allow\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"PageEditorPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/designer/pages\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"PostPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/category/:categoryId/:boardId/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResou\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"CreateUserGroup.Page\",\"type\":\"COMMUNITY\",\"urlPath\":\"/c/create-user-group/page\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ForumBoardPage\",\"type\":\"FORUM\",\"urlPath\":\"/category/:categoryId/discussions/:boardId\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"Pag\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"TkbBoardPage\",\"type\":\"TKB\",\"urlPath\":\"/category/:categoryId/kb/:boardId\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"EventPostPage\",\"type\":\"EVENT\",\"urlPath\":\"/category/:categoryId/events/:boardId/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageR\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"UserBadgesPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/users/:login/:userId/badges\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResourc\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"GroupHubMembershipAction\",\"type\":\"GROUP_HUB\",\"urlPath\":\"/membership/join/:nodeId/:membershipType\",\"__typename\":\"PageDescriptor\"}\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"MaintenancePage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/maintenance\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"IdeaReplyPage\",\"type\":\"IDEA_REPLY\",\"urlPath\":\"/idea/:boardId/:messageSubject/:messageId/comments/:replyId\",\"__typename\":\"PageDescripto\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"UserSettingsPage\",\"type\":\"USER\",\"urlPath\":\"/mysettings/:userSettingsTab\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"GroupHubsPage\",\"type\":\"GROUP_HUB\",\"urlPath\":\"/groups\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ForumPostPage\",\"type\":\"FORUM\",\"urlPath\":\"/category/:categoryId/discussions/:boardId/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"OccasionRsvpActionPage\",\"type\":\"OCCASION\",\"urlPath\":\"/event/:boardId/:messageSubject/:messageId/rsvp/:responseType\",\"__typename\":\"Pag\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"VerifyUserEmailPage\",\"type\":\"USER\",\"urlPath\":\"/verifyemail/:userId/:verifyEmailToken\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageR\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"AllOccasionsPage\",\"type\":\"OCCASION\",\"urlPath\":\"/category/:categoryId/events/:boardId/all-events/(/:after|/:before)?\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"EventBoardPage\",\"type\":\"EVENT\",\"urlPath\":\"/category/:categoryId/events/:boardId\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResou\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"TkbReplyPage\",\"type\":\"TKB_REPLY\",\"urlPath\":\"/kb/:boardId/:messageSubject/:messageId/comments/:replyId\",\"__typename\":\"PageDescriptor\"}\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"IdeaBoardPage\",\"type\":\"IDEA\",\"urlPath\":\"/category/:categoryId/ideas/:boardId\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"CommunityGuideLinesPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/communityguidelines\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageR\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"CaseCreatePage\",\"type\":\"SALESFORCE_CASE_CREATION\",\"urlPath\":\"/caseportal/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"Pa\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"TkbEditPage\",\"type\":\"TKB\",\"urlPath\":\"/kb/:boardId/:messageSubject/:messageId/edit\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageRes\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ForgotPasswordPage\",\"type\":\"USER\",\"urlPath\":\"/forgotpassword\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"IdeaEditPage\",\"type\":\"IDEA\",\"urlPath\":\"/idea/:boardId/:messageSubject/:messageId/edit\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageR\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"TagPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/tag/:tagName\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"BlogBoardPage\",\"type\":\"BLOG\",\"urlPath\":\"/category/:categoryId/blog/:boardId\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"OccasionMessagePage\",\"type\":\"OCCASION_TOPIC\",\"urlPath\":\"/event/:boardId/:messageSubject/:messageId\",\"__typename\":\"PageDescriptor\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ManageContentPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/managecontent\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 3 of 44\n\n{\"id\":\"ClosedMembershipNodeNonMembersPage\",\"type\":\"GROUP_HUB\",\"urlPath\":\"/closedgroup/:groupHubId\",\"__typename\":\"PageDescriptor\"},\"__t\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"CommunityPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ForumMessagePage\",\"type\":\"FORUM_TOPIC\",\"urlPath\":\"/discussions/:boardId/:messageSubject/:messageId\",\"__typename\":\"PageDescriptor\"},\"\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"IdeaPostPage\",\"type\":\"IDEA\",\"urlPath\":\"/category/:categoryId/ideas/:boardId/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResou\r\n{\"lastUpdatedTime\":1730819800000,\"localOverride\":null,\"page\":\r\n{\"id\":\"CommunityHub.Page\",\"type\":\"CUSTOM\",\"urlPath\":\"/Directory\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"BlogMessagePage\",\"type\":\"BLOG_ARTICLE\",\"urlPath\":\"/blog/:boardId/:messageSubject/:messageId\",\"__typename\":\"PageDescriptor\"},\"__typen\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"RegistrationPage\",\"type\":\"USER\",\"urlPath\":\"/register\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"EditGroupHubPage\",\"type\":\"GROUP_HUB\",\"urlPath\":\"/group/:groupHubId/edit\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ForumEditPage\",\"type\":\"FORUM\",\"urlPath\":\"/discussions/:boardId/:messageSubject/:messageId/edit\",\"__typename\":\"PageDescriptor\"},\"__typena\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ResetPasswordPage\",\"type\":\"USER\",\"urlPath\":\"/resetpassword/:userId/:resetPasswordToken\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"Pa\r\n{\"lastUpdatedTime\":1730819800000,\"localOverride\":null,\"page\":\r\n{\"id\":\"AllBlogs.Page\",\"type\":\"CUSTOM\",\"urlPath\":\"/blogs\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"TkbMessagePage\",\"type\":\"TKB_ARTICLE\",\"urlPath\":\"/kb/:boardId/:messageSubject/:messageId\",\"__typename\":\"PageDescriptor\"},\"__typename\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"BlogEditPage\",\"type\":\"BLOG\",\"urlPath\":\"/blog/:boardId/:messageSubject/:messageId/edit\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"Page\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ManageUsersPage\",\"type\":\"USER\",\"urlPath\":\"/users/manage/:tab?/:manageUsersTab?\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageRes\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ForumReplyPage\",\"type\":\"FORUM_REPLY\",\"urlPath\":\"/discussions/:boardId/:messageSubject/:messageId/replies/:replyId\",\"__typename\":\"PageD\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"PrivacyPolicyPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/privacypolicy\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"NotificationPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/notifications\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"UserPage\",\"type\":\"USER\",\"urlPath\":\"/users/:login/:userId\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"HealthCheckPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/health\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"OccasionReplyPage\",\"type\":\"OCCASION_REPLY\",\"urlPath\":\"/event/:boardId/:messageSubject/:messageId/comments/:replyId\",\"__typename\":\"P\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ManageMembersPage\",\"type\":\"GROUP_HUB\",\"urlPath\":\"/group/:groupHubId/manage/:tab?\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"P\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"SearchResultsPage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/search\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"BlogReplyPage\",\"type\":\"BLOG_REPLY\",\"urlPath\":\"/blog/:boardId/:messageSubject/:messageId/replies/:replyId\",\"__typename\":\"PageDescriptor\"\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"GroupHubPage\",\"type\":\"GROUP_HUB\",\"urlPath\":\"/group/:groupHubId\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"TermsOfServicePage\",\"type\":\"COMMUNITY\",\"urlPath\":\"/termsofservice\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"CategoryPage\",\"type\":\"CATEGORY\",\"urlPath\":\"/category/:categoryId\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"ForumViewAllTopicsPage\",\"type\":\"FORUM\",\"urlPath\":\"/category/:categoryId/discussions/:boardId/all-topics/(/:after|/:before)?\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\"},\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"TkbPostPage\",\"type\":\"TKB\",\"urlPath\":\"/category/:categoryId/kbs/:boardId/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"PageResource\r\n{\"lastUpdatedTime\":1775111737667,\"localOverride\":null,\"page\":\r\n{\"id\":\"GroupHubPostPage\",\"type\":\"GROUP_HUB\",\"urlPath\":\"/group/:groupHubId/:boardId/create\",\"__typename\":\"PageDescriptor\"},\"__typename\":\"Pa\r\ncomponents/context/AppContext/AppContextProvider-0\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/context/AppContext/AppContextProvider-0\",\"value\":{\"noCommunity\":\"Cannot find\r\ncommunity\",\"noUser\":\"Cannot find current user\",\"noNode\":\"Cannot find node with id {nodeId}\",\"noMessage\":\"Cannot\r\nfind message with id {messageId}\",\"userBanned\":\"We're sorry, but you have been banned from using this\r\nsite.\",\"userBannedReason\":\"You have been banned for the following reason:\r\n{reason}\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/common/Loading/LoadingDot-0\":\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 4 of 44\n\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/common/Loading/LoadingDot-0\",\"value\":\r\n{\"title\":\"Loading...\"},\"localOverride\":false},\"AssociatedImage:\r\n{\\\"url\\\":\\\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/cmstNC05WEo0blc\\\"}\":\r\n{\"__typename\":\"AssociatedImage\",\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/cmstNC05WEo0blc\",\"height\":512,\"width\":512,\"\r\n{\"__typename\":\"Rank\",\"id\":\"rank:4\",\"position\":2,\"name\":\"Microsoft\",\"color\":\"333333\",\"icon\":{\"__ref\":\"AssociatedImage:\r\n{\\\"url\\\":\\\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/cmstNC05WEo0blc\\\"}\"},\"rankStyle\":\"OUTLINE\"},\"User:user:2592816\":\r\n{\"__typename\":\"User\",\"id\":\"user:2592816\",\"uid\":2592816,\"login\":\"Zophar\",\"deleted\":false,\"avatar\":\r\n{\"__typename\":\"UserAvatar\",\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/dS0yNTkyODE2LTYwNDYyM2k1QTM2MDU5ODB\r\n{\"__ref\":\"Rank:rank:4\"},\"email\":\"\",\"messagesCount\":9,\"biography\":null,\"topicsCount\":9,\"kudosReceivedCount\":9,\"kudosGivenCount\":0,\"kudosWeight\"\r\n{\"__typename\":\"RegistrationData\",\"status\":null,\"registrationTime\":\"2024-07-24T11:02:51.653-\r\n07:00\",\"confirmEmailStatus\":null},\"followersCount\":null,\"solutionsCount\":0},\"Category:category:microsoft-security-product\":{\"__typename\":\"Category\",\"id\":\"category:microsoft-security-product\",\"entityType\":\"CATEGORY\",\"displayId\":\"microsoft-security-product\",\"nodeType\":\"category\",\"depth\":4,\"title\":\"Microsoft Security\",\"shortTitle\":\"Microsoft Security\",\"parent\":\r\n{\"__ref\":\"Category:category:microsoft-security\"}},\"Category:category:top\":\r\n{\"__typename\":\"Category\",\"id\":\"category:top\",\"entityType\":\"CATEGORY\",\"displayId\":\"top\",\"nodeType\":\"category\",\"depth\":0,\"title\":\"Top\",\"shortTitle\"\r\n{\"__typename\":\"Category\",\"id\":\"category:communities\",\"entityType\":\"CATEGORY\",\"displayId\":\"communities\",\"nodeType\":\"category\",\"depth\":1,\"paren\r\n{\"__ref\":\"Category:category:top\"},\"title\":\"Communities\",\"shortTitle\":\"Communities\"},\"Category:category:products-services\":{\"__typename\":\"Category\",\"id\":\"category:products-services\",\"entityType\":\"CATEGORY\",\"displayId\":\"products-services\",\"nodeType\":\"category\",\"depth\":2,\"parent\":\r\n{\"__ref\":\"Category:category:communities\"},\"title\":\"Products\",\"shortTitle\":\"Products\"},\"Category:category:microsoft-security\":{\"__typename\":\"Category\",\"id\":\"category:microsoft-security\",\"entityType\":\"CATEGORY\",\"displayId\":\"microsoft-security\",\"nodeType\":\"category\",\"depth\":3,\"parent\":\r\n{\"__ref\":\"Category:category:products-services\"},\"title\":\"Microsoft Security\",\"shortTitle\":\"Microsoft\r\nSecurity\",\"categoryPolicies\":{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Blog:board:MicrosoftSecurityExperts\":\r\n{\"__typename\":\"Blog\",\"id\":\"board:MicrosoftSecurityExperts\",\"entityType\":\"BLOG\",\"displayId\":\"MicrosoftSecurityExperts\",\"nodeType\":\"board\",\"depth\r\n{\"__typename\":\"RepliesProperties\",\"sortOrder\":\"REVERSE_PUBLISH_TIME\",\"repliesFormat\":\"threaded\"},\"tagProperties\":\r\n{\"__typename\":\"TagNodeProperties\",\"tagsEnabled\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}},\"requireTags\":true,\"tagType\":\"PRESET_ONLY\",\"description\":\"\",\"title\":\"Microsoft\r\nSecurity Experts Blog\",\"shortTitle\":\"Microsoft Security Experts Blog\",\"parent\":{\"__ref\":\"Category:category:microsoft-security-product\"},\"ancestors\":{\"__typename\":\"CoreNodeConnection\",\"edges\":[{\"__typename\":\"CoreNodeEdge\",\"node\":\r\n{\"__ref\":\"Community:community:gxcuf89792\"}},{\"__typename\":\"CoreNodeEdge\",\"node\":\r\n{\"__ref\":\"Category:category:communities\"}},{\"__typename\":\"CoreNodeEdge\",\"node\":\r\n{\"__ref\":\"Category:category:products-services\"}},{\"__typename\":\"CoreNodeEdge\",\"node\":\r\n{\"__ref\":\"Category:category:microsoft-security\"}},{\"__typename\":\"CoreNodeEdge\",\"node\":\r\n{\"__ref\":\"Category:category:microsoft-security-product\"}}]},\"userContext\":\r\n{\"__typename\":\"NodeUserContext\",\"canAddAttachments\":false,\"canUpdateNode\":false,\"canPostMessages\":false,\"isSubscribed\":false},\"theme\":\r\n{\"__ref\":\"Theme:customTheme1\"},\"boardPolicies\":{\"__typename\":\"BoardPolicies\",\"canViewSpamDashBoard\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.feature.moderation_spam.action.access_spam_quarantine.allowed.accessDenied\",\"key\"\r\n[]}},\"canArchiveMessage\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.content_archivals.enable_content_archival_settings.accessDenied\",\"key\":\"error.lithium\r\n[]}},\"canPublishArticleOnCreate\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.forums.policy_can_publish_on_create_workflow_action.accessDenied\",\"key\":\"error.lit\r\n[]}}},\"linkProperties\":\r\n{\"__typename\":\"LinkProperties\",\"isExternalLinkWarningEnabled\":false}},\"BlogTopicMessage:message:4267916\":\r\n{\"__typename\":\"BlogTopicMessage\",\"uid\":4267916,\"subject\":\"Phish, Click, Breach: Hunting for a Sophisticated Cyber\r\nAttack\",\"id\":\"message:4267916\",\"entityType\":\"BLOG_ARTICLE\",\"eventPath\":\"category:microsoft-security-product/category:microsoft-security/category:products-services/category:communities/community:gxcuf89792board:MicrosoftSecurityExperts/message:4267916\",\"revisionNum\":16,\"repliesCount\":0,\"author\":\r\n{\"__ref\":\"User:user:2592816\"},\"depth\":0,\"hasGivenKudo\":false,\"board\":\r\n{\"__ref\":\"Blog:board:MicrosoftSecurityExperts\"},\"conversation\":\r\n{\"__ref\":\"Conversation:conversation:4267916\"},\"messagePolicies\":\r\n{\"__typename\":\"MessagePolicies\",\"canPublishArticleOnEdit\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.forums.policy_can_publish_on_edit_workflow_action.accessDenied\",\"key\":\"error.lithi\r\n[]}},\"canModerateSpamMessage\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.feature.moderation_spam.action.moderate_entity.allowed.accessDenied\",\"key\":\"error.li\r\n[]}},\"canReply\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.forums.action.message.reply_to_entity.allow.accessDenied\",\"key\":\"error.lithium.polici\r\n[]}},\"canAcceptSolution\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.accepted_solutions.action_allow.message.mark_as_accepted_solution.accessDenied\",\"k\r\n[]}},\"canRejectSolution\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.accepted_solutions.action_allow.message.unmark_as_accepted_solution.accessDenied\"\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 5 of 44\n\n[]}},\"canTag\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.labels.action.labelableentity.set_labels.allow.accessDenied\",\"key\":\"error.lithium.policie\r\n[]}},\"canEdit\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.forums.action_allow.edit_message.accessDenied\",\"key\":\"error.lithium.policies.forums.\r\n[]}},\"canKudo\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.kudos.action.entity.give_kudos.allow.accessDenied\",\"key\":\"error.lithium.policies.kudo\r\n[]}}},\"contentWorkflow\":\r\n{\"__typename\":\"ContentWorkflow\",\"state\":\"PUBLISH\",\"scheduledPublishTime\":null,\"scheduledTimezone\":null,\"userContext\":\r\n{\"__typename\":\"MessageWorkflowContext\",\"canSubmitForReview\":null,\"canEdit\":false,\"canRecall\":null,\"canSubmitForPublication\":null,\"canReturnTo\r\n{\"__ref\":\"ModerationData:moderation_data:4267916\"},\"teaser\":\"\\n\r\nThreat actors make problems for users and then offer to fix them.  With an RMM tool and user clicks, they are in.  \r\n\",\"body\":\"\r\nAuthors:\r\n\\n\r\n-Gourav Khandelwal (@Gourav_Khandelwal)\r\n\\n\r\n-Akash Chaudhuri (@AkashChaudhuri)\r\n\\n\r\n-Matthew Mesa (@matthewmesa)\r\n\\n\r\n-Sagar Patil (@Sagar256) \r\n\\n\r\n-Uri Oren (@orenuri)\r\n\\n\r\n-Krithika Ramakrishnan (@krithikar)\r\n\\n\\n\\n\\n\r\nSince April 2024, we have observed a significant increase in Teams phishing attacks, which have led to endpoint-related\r\nincidents, particularly through the abuse of Remote Monitoring and Management (RMM) tools such as Quick Assist (Ref :\r\nThreat actors misusing Quick Assist in social engineering attacks leading to ransomware | Microsoft Security Blog), and\r\nother tools such as Any Desk, and Team Viewer.\r\n\\n\\n\r\nInitially, the attack began with a spam flood, followed by the attacker impersonating the Help Desk on Teams. The attacker\r\nwould contact the user via Teams, send a malicious link to start the RMM session, and deliver the harmful payload during\r\nthe session. This would lead to hands-on keyboard activity, data exfiltration, and ultimately result in ransomware attacks.\r\n\\n\\n\r\nOver time, the attack method evolved. The attackers now directly reach out to users on Teams, impersonating the service\r\ndesk. Once the user accepts the Teams invite, the attacker provides a SharePoint link containing malicious payloads, which\r\ncould lead to critical security breaches. Recent trends in social engineering attacks highlight this adaptability, with attackers\r\nvarying their tactics based on the target. For instance, they might use a SharePoint link for one victim while opting for a\r\ndifferent hosting platform for another on the same day. Moreover, attackers are moving beyond traditional link-based\r\nstrategies by persuading users to install remote access software like AnyDesk and TeamViewer or convincing them to\r\ninitiate connections via Microsoft's Quick Assist, which is installed by default in the Windows Operating System.\r\n\\n\\n\r\nMicrosoft continues to aggressively combat threats, such as halting notorious DarkGate, which is a very capable malware.\r\nSince December 2023, Microsoft Threat Intelligence has been tracking Storm-1674 attacker group misusing App Installers\r\nwith Teams Phishing as the initial access vector (Ref : Intel Article - Microsoft Defender). In this scenario, the attacker\r\nconvinces the user that they are interacting with the service desk, allowing the attacker to perform malicious activities on the\r\ndevice through Remote Monitoring and Management (RMM) tools. What makes this attack unique is that each attack kill\r\nchain is different, as every payload varies.\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 6 of 44\n\n\\n\\n\r\nThe activity is attributed to Storm-1811 and Storm-1674 by Microsoft Threat Intelligence.\r\n\\n\r\nIn this blog, we will walk through one of the observed scenarios and discuss hunting approaches for detecting such attacks.\r\n\\n\\n\\n\\n\\n\\n\\n\r\nIn the majority of the attacks observed, impersonation of the IT desk in a one-on-one Teams conversation from attacker\r\nowned tenants. Attackers also call the users on Teams, create meetings and send chat messages that contain malicious URLs\r\nor attachments to through the meeting's chat feature.\r\n\\n\r\nThe tenants were usually newly created in a span of less than 7 days. In a few scenarios, the Teams Phishing was preceded\r\nby a spam flood with more than 1000+ emails every hour. This was used to set the context for the attacker to call the user\r\nimpersonating the help desk under the pretext of fixing the spam flood.\r\n\\n\r\nThe attacks were highly targeted, with attackers focusing on at least three users per tenant through Teams phishing. By\r\naggregating the number of users targeted by an external user from a tenant every hour, we can identify these attacks more\r\neffectively.\r\n\\n\\n\\n\\n\\n\\n\r\nEmailEvents \r\n\\n\r\n| where Timestamp \u003e ago(1d)\r\n\\n\r\n| where EmailDirection == \\\"Inbound\\\" \r\n\\n\r\n| make-series Emailcount = count() \r\n\\n\r\n              on Timestamp step 1h by RecipientObjectId \r\n\\n\r\n| extend (Anomalies, AnomalyScore, ExpectedEmails) = series_decompose_anomalies(Emailcount) \r\n\\n\r\n| mv-expand Emailcount, Anomalies, AnomalyScore, ExpectedEmails to typeof(double), Timestamp \r\n\\n\r\n| where Anomalies != 0 \r\n\\n\r\n| where AnomalyScore \u003e= 10 \r\n\\n\\n\r\nHunt for Suspicious External Teams messages\r\n\\n\\n\r\nCloudAppEvents\r\n\\n\r\n where Timestamp \u003e ago(1d)\r\n\\n\r\n|where  ApplicationId == 28375\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 7 of 44\n\n\\n\r\n// This action type is recorded when a new chat is created with the user\r\n\\n\r\n| where ActionType == \\\"ChatCreated\\\"\r\n\\n\r\n// This field records the sender’s Account Object ID, since the sender is a third party, the field is expected to be empty\r\n\\n\r\n| where isempty(AccountObjectId)\r\n\\n\r\n// Validation for the message being sent from a Foreign tenant\r\n\\n\r\n| where tobool(RawEventData.ParticipantInfo.HasForeignTenantUsers) == true \r\n\\n\r\n| where RawEventData.CommunicationType == \\\"OneOnOne\\\"\r\n\\n\r\n// Validation that the conversation is not initiated from a guest tenant\r\n\\n\r\n| where tobool(RawEventData.ParticipantInfo.HasGuestUsers) == false\r\n\\n\r\n| where tobool(RawEventData.ParticipantInfo.HasOtherGuestUsers) == false\r\n\\n\r\n// Validation that the sender is not recognized. If the sender is not recognized, only the email address is populated here\r\n\\n\r\n| where AccountId has \\\"@\\\"\r\n\\n\\n\r\nThis query can also be appended with aggregation by sender tenant to identify targeted attempts:\r\n\\n\\n\r\n| extend TargetUserUPN = tolower(tostring(RawEventData.Members[1].UPN))\r\n\\n\r\n| extend  TargetTenant = tostring(RawEventData.OrganizationId)\r\n\\n\r\n| extend  AttackerTenant = tostring(RawEventData.Members[0].OrganizationId)\r\n\\n\r\n| extend  AttackerUPN = tostring(RawEventData.Members[0].UPN)\r\n\\n\r\n| extend  AttackerName = tostring(RawEventData.Members[0].DisplayName)\r\n\\n\r\n|summarize summarize UsersTargeted = dcount(TargetUserUPN ) by AttackerTenant, AttackerUPN, bin(Timestamp, 1h)\r\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 8 of 44\n\n|where  UsersTargeted \u003e= 2\r\n\\n\\n\\n\\n\\n\r\nIn cases involving spam floods, the attacker will often call the user via Teams and persuade them to open the Quick Assist\r\napplication (one of the most targeted RMM applications) and provide the access code. Once the user shares the code, the\r\nattacker gains access to the device. If the user also approves the \\\"Request control\\\" prompt, the attacker gains full control\r\nover the device.\r\n\\n\\n\\n\\n\\n\\n\r\nlet interestingUsers = DeviceProcessEvents\r\n\\n\r\n| where Timestamp \u003e ago(1h)\r\n\\n\r\n| where isnotempty(InitiatingProcessAccountObjectId)\r\n\\n\r\n|where FileName has_any (“quickassist.exe”, “anydesk.exe”, “teamviewer_service.exe”)    // Multiple RMM tools can be\r\nabused here\r\n\\n\r\n | project InitiatingProcessAccountUpn;\r\n\\n\r\nCloudAppEvents\r\n\\n\r\n| where Timestamp \u003e ago(1d)\r\n\\n\r\n| where Application == \\\"Microsoft Teams\\\" \r\n\\n\r\n| where ActionType == \\\"ChatCreated\\\" \r\n\\n\r\n| where isempty(AccountObjectId)\r\n\\n\r\n| where RawEventData.ParticipantInfo.HasForeignTenantUsers == true \r\n\\n\r\n| where RawEventData.CommunicationType == \\\"OneOnOne\\\" \r\n\\n\r\n| where RawEventData.ParticipantInfo.HasGuestUsers == false \r\n\\n\r\n| where RawEventData.ParticipantInfo.HasOtherGuestUsers == false \r\n\\n\r\n| where AccountId has \\\"@\\\"\r\n\\n\r\n| extend TargetUPN = tolower(tostring(RawEventData.Members[1].UPN))\r\n\\n\r\n| where TargetUPN  in (interestingUsers )\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 9 of 44\n\n\\n\r\n| extend VictimTenant = tostring(RawEventData.OrganizationId)\r\n\\n\r\n| extend AttackerTenant = RawEventData.Members[0].OrganizationId\r\n\\n\r\n| extend AttackerUPN = RawEventData.Members[0].UPN\r\n\\n\r\n| extend AttackerName = RawEventData.Members[0].DisplayName\r\n\\n\\n\\n\\n\r\nThe Storm-1811 actor calls users on Teams, then abuses RMM tools to deploy payloads and initiate credential theft for\r\ninitial access. And, the Storm-1674 actor either calls users or uses Teams chat to deliver malicious payloads via phishing\r\nlinks hosted on file-sharing services usually like SharePoint.\r\n\\n\\n\\n\\n\r\nIn addition to the Teams phishing activities recorded in CloudAppEvents telemetry, clicks on SharePoint URLs are logged in\r\nthe UrlClickEvents table. Correlating suspicious signals on devices with UrlClickEvents table can help identify and\r\nhighlight this activity.\r\n\\n\\n\r\nCorrelating URL click events on alerted devices\r\n\\n\\n\r\nlet alertedDevices = AlertEvidence\r\n\\n\r\n | where Timestamp \u003e ago(1h)\r\n\\n\r\n | where isnotempty(DeviceId)\r\n\\n\r\n|distinct DeviceId;\r\n\\n\r\nlet interestedUsers = DeviceProcessEvents\r\n\\n\r\n| where Timestamp \u003e ago(1h)\r\n\\n\r\n| where DeviceId in (alertedDevices)\r\n\\n\r\n| where isnotempty(InitiatingProcessAccountUpn)\r\n\\n\r\n| distinct InitiatingProcessAccountUpn;\r\n\\n\r\nUrlClickEvents\r\n\\n\r\n| where Timestamp \u003e ago(1d)\r\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 10 of 44\n\n| where ActionType == \\\"ClickAllowed\\\" or IsClickedThrough !=\\\"0\\\"\r\n\\n\r\n| where Workload has “Teams”\r\n\\n\r\n| where AccountUpn in (interestedUsers)\r\n\\n\\n\\n\\n\r\nAfter taking control of the target user’s device through RMM, the attacker executes a script under the pretext of fixing the\r\nspam flood activity. The name of the script also justifies the intent to convince the user for the next steps (Eg : Spam Filter\r\nUpdate). When the script is executed, it prompts the target user to provide the credentials, persuaded by the attacker.\r\n\\n\\n\r\nIn a few other scenarios, the attacker also redirects the user to an AiTM phishing page to complete the sign-in with MFA to\r\ncompromise the session token.\r\n\\n\\n\\n\\n\r\nThese compromises can be identified by correlating risky sign-in attempts with Teams phishing from external tenants. The\r\nbelow query can be used to identify identity compromises (Adversary-in-the-middle attack) through Teams messages with\r\nmalicious links/attachments as well:\r\n\\n\\n\r\nlet usersWithRiskySignIn = AADSignInEventsBeta\r\n\\n\r\n |where Timestamp \u003e ago(1h)\r\n\\n\r\n |where RiskLevelDuringSignIn == 100\r\n\\n\r\n|project AccountUpn;\r\n\\n\r\nCloudAppEvents\r\n\\n\r\n| where Timestamp \u003e ago(1d)\r\n\\n\r\n| where Application == \\\"Microsoft Teams\\\" \r\n\\n\r\n| where ActionType == \\\"ChatCreated\\\" \r\n\\n\r\n| where isempty(AccountObjectId)\r\n\\n\r\n| where RawEventData.ParticipantInfo.HasForeignTenantUsers == true \r\n\\n\r\n| where RawEventData.CommunicationType == \\\"OneOnOne\\\" \r\n\\n\r\n| where RawEventData.ParticipantInfo.HasGuestUsers == false \r\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 11 of 44\n\n| where RawEventData.ParticipantInfo.HasOtherGuestUsers == false \r\n\\n\r\n| where AccountId has \\\"@\\\"\r\n\\n\r\n| extend TargetUPN = tolower(tostring(RawEventData.Members[1].UPN))\r\n\\n\r\n| where TargetUPN  in (interestingUsers )\r\n\\n\r\n| extend TargetTenant = tostring(RawEventData.OrganizationId)\r\n\\n\r\n| extend AttackerTenant = RawEventData.Members[0].OrganizationId\r\n\\n\r\n|where TargetTenant != AttackerTenant\r\n\\n\r\n| extend AttackerUPN = RawEventData.Members[0].UPN\r\n\\n\r\n| extend AttackerName = RawEventData.Members[0].DisplayName\r\n\\n\r\n|project project-reorder Timestamp, AttackerTenant, AttackerUPN, AttackerName, TargetUPN \r\n\\n\\n\\n\\n\r\nUsing a scripted cURL command, the attacker downloads additional payloads in an RMM session, or shares a SharePoint\r\nlink on Microsoft Teams with payloads and tools (like NetSupport RAT). In a few scenarios, an SSH connection was also\r\nsetup with the attacker’s machine.\r\n\\n\\n\\n\\n\\n\r\nIn conjunction with RMM tools, attackers use various command-line utilities to manipulate Active Directory (AD)\r\nenvironments. One such utility is Csvde, a command-line tool that imports and exports data from Active Directory Domain\r\nServices (AD DS). Csvde can be exploited by threat actors to extract sensitive AD information or to introduce malicious\r\nentries into the directory, further compromising the security of the environment.\r\n\\n\\n\r\nDetect suspicious file downloads\r\n\\n\\n\r\nDeviceNetworkEvents\r\n\\n\r\n| where InitiatingProcessFileName in~ (\\\"curl.exe\\\", \\\"powershell.exe\\\", \\\"certutil.exe\\\", \\\"bitsadmin.exe\\\")\r\n\\n\r\n| where RemoteIPType == \\\"Public\\\"\r\n\\n\r\n| where RemoteUrl endswith \\\".exe\\\" or RemoteUrl endswith \\\".dll\\\" or RemoteUrl endswith \\\".zip\\\"\r\n\\n\r\n| project Timestamp, DeviceId, InitiatingProcessFileName, RemoteIP, RemoteUrl\r\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 12 of 44\n\n| extend AlertType = \\\"Suspicious file download from unknown IP address\\\"\r\n\\n\\n\\n\r\nDetection of csvde.exe Download and AD Enumeration\r\n\\n\\n\r\n// Detect curl downloading csvde.exe\r\n\\n\r\nlet csvde_download =   DeviceProcessEvents\r\n\\n\r\n    | where InitiatingProcessFileName =~\\\"cmd.exe\\\"\r\n\\n\r\n    | where ProcessCommandLine has_all (\\\"curl\\\",\\\"-o\\\",\\\"csvde.exe\\\",\\\"http:\\\")\r\n\\n\r\n    |  project DeviceId,Timestamp,CurlCommandLine=ProcessCommandLine, CurlProcessId = ProcessId;\r\n\\n\r\n// Detect execution of csvde.exe with specific parameters\r\n\\n\r\nlet csvde_execution =\r\n\\n\r\n    DeviceProcessEvents\r\n\\n\r\n    | where FileName =~ \\\"csvde.exe\\\"\r\n\\n\r\n    | where ProcessCommandLine has_all  (\\\"-r\\\",\\\"objectClass=Computer\\\")\r\n\\n\r\n        and ProcessCommandLine has_all (\\\"-l\\\",\\\"samAccountName\\\",\\\"description\\\",\\\"info\\\",\\\"operatingSystem\\\")\r\n\\n\r\n        and ProcessCommandLine contains \\\"-f\\\"\r\n\\n\r\n   |  project DeviceId,Timestamp, CsvdeCommandLine= ProcessCommandLine,CsvdeProcessId = ProcessId;\r\n\\n\r\nJoin the two events and look for them occurring within 5 minutes\r\n\\n\r\ncsvde_download\r\n\\n\r\n| join kind=inner (\r\n\\n\r\n    csvde_execution\r\n\\n\r\n) on DeviceId\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 13 of 44\n\n\\n\r\n| where Timestamp  between (Timestamp1 .. Timestamp1 + 5m)\r\n\\n\r\n| extend   AlertType = \\\"Potential Active Directory Enumeration\\\",  Details = strcat(\\\"curl.exe was used to download\r\ncsvde.exe, which was then executed to enumerate AD computers. \\\")\r\n\\n\\n\\n\r\n// Detect potential data compression and exfiltration\r\n\\n\r\nlet compress_exfil = DeviceProcessEvents\r\n\\n\r\n| where FileName =~ \\\"7z.exe\\\"\r\n\\n\r\n| where ProcessCommandLine contains \\\"x -p\\\"\r\n\\n\r\n| project Timestamp, DeviceId, FileName, ProcessCommandLine, ProcessId\r\n\\n\r\n| join kind=inner (\r\n\\n\r\n    DeviceNetworkEvents\r\n\\n\r\n    | where InitiatingProcessId != 0\r\n\\n\r\n) on $left.ProcessId == $right.InitiatingProcessId\r\n\\n\r\n| project Timestamp, DeviceId, FileName, ProcessCommandLine, RemoteIP, RemotePort\r\n\\n\r\n| extend AlertType = \\\"Potential data compression and exfiltration\\\";\r\n\\n\\n\\n\\n\\n\r\nThis attack specifically involved high number of reconnaissance commands including ipconfig, systeminfo, geo location\r\nscans, user recons, EDR protection status. In a typical attack, this information is exfiltrated to an external C2 server.\r\nHowever, in these attacks, the attacker could have probably taken a screenshot through the RMM.\r\n\\n\\n\\n\\n\r\nThe payloads downloaded by the attacker was used to create persistence either using scheduled tasks or by being added to\r\nthe startup folder.\r\n\\n\\n\r\n// Persistence through Startup operations\r\nlet regKeys = pack_array(@\\\"CurrentVersion\\\\Run\\\",\r\n@\\\"CurrentVersion\\\\RunOnce\\\",\r\n@\\\"CurrentVersion\\\\RunOnceEx\\\",\r\n@\\\"Programs\\\\Startup\\\",\r\n@\\\"CurrentVersion\\\\RunServicesOnce\\\",\r\n@\\\"CurrentVersion\\\\RunServices\\\",\r\n@\\\"CurrentVersion\\\\Policies\\\\Explorer\\\\Run\\\",\r\n@\\\"Windows NT\\\\CurrentVersion\\\\Windows\\\",\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 14 of 44\n\n@\\\"System\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\");\r\nlet startUpOperations = DeviceFileEvents\r\n| where FolderPath has @\\\"Start Menu\\\\Programs\\\\Startup\\\\\\\"\r\n| where ActionType in (\\\"FileCreated\\\", \\\"FileModified\\\", \\\"FileRenamed\\\");\r\n// Persistence through Registry Tampering\r\nlet regOperations = DeviceRegistryEvents\r\n| where hasAlertDevices\r\n| where Timestamp between (startTime .. endTime)\r\n| where DeviceId in (alertedDevices)\r\n| where RegistryKey has_any (regKeys)\r\n| where ActionType in (\\\"SetValue\\\" ,\\\"CreateKey\\\" , \\\"RenameKey\\\");\r\n// Persistence through Scheduled task creation\r\nlet scheduledOperations = DeviceProcessEvents\r\n| where Timestamp between (startTime .. endTime)\r\n| where DeviceId in (alertedDevices)\r\n| where (InitiatingProcessCommandLine has \\\"schtasks\\\" and InitiatingProcessCommandLine has_any (\\\"run\\\", \\\"create\\\" ,\r\n\\\"change\\\"));\r\nunion startUpOperations, regOperations, scheduledOperations\r\n| summarize arg_min(Timestamp, *) by DeviceId\r\n\\n\\n\\n\\n\r\n\\n\r\nSuspicious activity using Quick Assist\r\n\\n\r\nPossible remote access tool activity\r\n\\n\r\nSuspicious usage of remote management software\r\n\\n\r\nSuspicious location of remote management software\r\n\\n\r\nPossible NetSupport Manager activity\r\n\\n\r\n\\n\\n\\n\\n\r\nNOTE: The following references are available for Microsoft Defender customers.\r\n\\n\r\n\\n\r\nQakbot distributor Storm-0464 shifts to DarkGate and IcedID : Intel Article - Microsoft Defender - Shift to DarkGate\r\nand IcedID\r\n\\n\r\nFinancially motivated threat actors misusing App Installer : Intel Article - Microsoft Defender - App Installer misuse\r\n\\n\r\nThreat actors misusing Quick Assist in social engineering attacks leading to ransomware : Intel Article - Microsoft\r\nDefender - Quick Assist misuse\r\n\\n\r\n\\n\\n\\n\\n\r\n\\n\r\nEducate Microsoft Teams users to verify ‘External’ tagging on communication attempts from external entities, be\r\ncautious about what they share, and never share their account information or authorize sign-in requests over chat. \r\n\\n\r\nAdministrators have an option to manage chats/Teams meetings with external users not managed by the Organization\r\n\\n\r\nApply Microsoft’s security best practices for Microsoft Teams to safeguard Teams users. \r\n\\n\r\nEducate users about diligent use of RMM tools\r\n\\n\r\nImplement Conditional Access authentication strength to require phishing-resistant authentication for employees and\r\nexternal users for critical apps. \r\n\\n\r\nEnable investigation and remediation in full automated mode to allow Defender for Endpoint to take immediate\r\naction on alerts to resolve breaches, significantly reducing alert volume. \r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 15 of 44\n\n\\n\r\n\\n\r\nNOTE: The following is available for Microsoft Defender customers.\r\n\\n\r\n\\n\r\nRefer to Microsoft’s human-operated ransomware overview for general hardening recommendations against\r\nransomware attacks. \r\n\\n\r\n\",\"body@stringLength\":\"27298\",\"rawBody\":\"\r\nAuthors:\r\n\\n\r\n-Gourav Khandelwal (@Gourav_Khandelwal)\r\n\\n\r\n-Akash Chaudhuri (@AkashChaudhuri)\r\n\\n\r\n-Matthew Mesa (@matthewmesa)\r\n\\n\r\n-Sagar Patil (@Sagar256) \r\n\\n\r\n-Uri Oren (@orenuri)\r\n\\n\r\n-Krithika Ramakrishnan (@krithikar)\r\n\\n\\n\r\nIntroduction\r\n\\n\\n\r\nSince April 2024, we have observed a significant increase in Teams phishing attacks, which have led to endpoint-related\r\nincidents, particularly through the abuse of Remote Monitoring and Management (RMM) tools such as Quick Assist (Ref :\r\nThreat actors misusing Quick Assist in social engineering attacks leading to ransomware | Microsoft Security Blog), and\r\nother tools such as Any Desk, and Team Viewer.\r\n\\n\\n\r\nInitially, the attack began with a spam flood, followed by the attacker impersonating the Help Desk on Teams. The attacker\r\nwould contact the user via Teams, send a malicious link to start the RMM session, and deliver the harmful payload during\r\nthe session. This would lead to hands-on keyboard activity, data exfiltration, and ultimately result in ransomware attacks.\r\n\\n\\n\r\nOver time, the attack method evolved. The attackers now directly reach out to users on Teams, impersonating the service\r\ndesk. Once the user accepts the Teams invite, the attacker provides a SharePoint link containing malicious payloads, which\r\ncould lead to critical security breaches. Recent trends in social engineering attacks highlight this adaptability, with attackers\r\nvarying their tactics based on the target. For instance, they might use a SharePoint link for one victim while opting for a\r\ndifferent hosting platform for another on the same day. Moreover, attackers are moving beyond traditional link-based\r\nstrategies by persuading users to install remote access software like AnyDesk and TeamViewer or convincing them to\r\ninitiate connections via Microsoft's Quick Assist, which is installed by default in the Windows Operating System.\r\n\\n\\n\r\nMicrosoft continues to aggressively combat threats, such as halting notorious DarkGate, which is a very capable malware.\r\nSince December 2023, Microsoft Threat Intelligence has been tracking Storm-1674 attacker group misusing App Installers\r\nwith Teams Phishing as the initial access vector (Ref : Intel Article - Microsoft Defender). In this scenario, the attacker\r\nconvinces the user that they are interacting with the service desk, allowing the attacker to perform malicious activities on the\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 16 of 44\n\ndevice through Remote Monitoring and Management (RMM) tools. What makes this attack unique is that each attack kill\r\nchain is different, as every payload varies.\r\n\\n\\n\r\nThe activity is attributed to Storm-1811 and Storm-1674 by Microsoft Threat Intelligence.\r\n\\n\r\nIn this blog, we will walk through one of the observed scenarios and discuss hunting approaches for detecting such attacks.\r\n\\n\\n\r\nAttack Flow\r\n\\n\\n\\n\r\nTeams Phishing\r\n\\n\\n\r\nIn the majority of the attacks observed, impersonation of the IT desk in a one-on-one Teams conversation from attacker\r\nowned tenants. Attackers also call the users on Teams, create meetings and send chat messages that contain malicious URLs\r\nor attachments to through the meeting's chat feature.\r\n\\n\r\nThe tenants were usually newly created in a span of less than 7 days. In a few scenarios, the Teams Phishing was preceded\r\nby a spam flood with more than 1000+ emails every hour. This was used to set the context for the attacker to call the user\r\nimpersonating the help desk under the pretext of fixing the spam flood.\r\n\\n\r\nThe attacks were highly targeted, with attackers focusing on at least three users per tenant through Teams phishing. By\r\naggregating the number of users targeted by an external user from a tenant every hour, we can identify these attacks more\r\neffectively.\r\n\\n\\n\r\nHunting for Compromises\r\n\\n\\n\r\nHunt for spam flood attack\r\n\\n\\n\r\nEmailEvents \r\n\\n\r\n| where Timestamp \u003e ago(1d)\r\n\\n\r\n| where EmailDirection == \\\"Inbound\\\" \r\n\\n\r\n| make-series Emailcount = count() \r\n\\n\r\n              on Timestamp step 1h by RecipientObjectId \r\n\\n\r\n| extend (Anomalies, AnomalyScore, ExpectedEmails) = series_decompose_anomalies(Emailcount) \r\n\\n\r\n| mv-expand Emailcount, Anomalies, AnomalyScore, ExpectedEmails to typeof(double), Timestamp \r\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 17 of 44\n\n| where Anomalies != 0 \r\n\\n\r\n| where AnomalyScore \u003e= 10 \r\n\\n\\n\r\nHunt for Suspicious External Teams messages\r\n\\n\\n\r\nCloudAppEvents\r\n\\n\r\n where Timestamp \u003e ago(1d)\r\n\\n\r\n|where  ApplicationId == 28375\r\n\\n\r\n// This action type is recorded when a new chat is created with the user\r\n\\n\r\n| where ActionType == \\\"ChatCreated\\\"\r\n\\n\r\n// This field records the sender’s Account Object ID, since the sender is a third party, the field is expected to be empty\r\n\\n\r\n| where isempty(AccountObjectId)\r\n\\n\r\n// Validation for the message being sent from a Foreign tenant\r\n\\n\r\n| where tobool(RawEventData.ParticipantInfo.HasForeignTenantUsers) == true \r\n\\n\r\n| where RawEventData.CommunicationType == \\\"OneOnOne\\\"\r\n\\n\r\n// Validation that the conversation is not initiated from a guest tenant\r\n\\n\r\n| where tobool(RawEventData.ParticipantInfo.HasGuestUsers) == false\r\n\\n\r\n| where tobool(RawEventData.ParticipantInfo.HasOtherGuestUsers) == false\r\n\\n\r\n// Validation that the sender is not recognized. If the sender is not recognized, only the email address is populated here\r\n\\n\r\n| where AccountId has \\\"@\\\"\r\n\\n\\n\r\nThis query can also be appended with aggregation by sender tenant to identify targeted attempts:\r\n\\n\\n\r\n| extend TargetUserUPN = tolower(tostring(RawEventData.Members[1].UPN))\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 18 of 44\n\n\\n\r\n| extend  TargetTenant = tostring(RawEventData.OrganizationId)\r\n\\n\r\n| extend  AttackerTenant = tostring(RawEventData.Members[0].OrganizationId)\r\n\\n\r\n| extend  AttackerUPN = tostring(RawEventData.Members[0].UPN)\r\n\\n\r\n| extend  AttackerName = tostring(RawEventData.Members[0].DisplayName)\r\n\\n\r\n|summarize summarize UsersTargeted = dcount(TargetUserUPN ) by AttackerTenant, AttackerUPN, bin(Timestamp, 1h)\r\n\\n\r\n|where  UsersTargeted \u003e= 2\r\n\\n\\n\\n\r\nRMM Tools Abuse\r\n\\n\\n\r\nIn cases involving spam floods, the attacker will often call the user via Teams and persuade them to open the Quick Assist\r\napplication (one of the most targeted RMM applications) and provide the access code. Once the user shares the code, the\r\nattacker gains access to the device. If the user also approves the \\\"Request control\\\" prompt, the attacker gains full control\r\nover the device.\r\n\\n\\n\r\nHunting for Compromises\r\n\\n\\n\r\nHunt for Teams Activity followed by suspicious RMM:\r\n\\n\\n\r\nlet interestingUsers = DeviceProcessEvents\r\n\\n\r\n| where Timestamp \u003e ago(1h)\r\n\\n\r\n| where isnotempty(InitiatingProcessAccountObjectId)\r\n\\n\r\n|where FileName has_any (“quickassist.exe”, “anydesk.exe”, “teamviewer_service.exe”)    // Multiple RMM tools can be\r\nabused here\r\n\\n\r\n | project InitiatingProcessAccountUpn;\r\n\\n\r\nCloudAppEvents\r\n\\n\r\n| where Timestamp \u003e ago(1d)\r\n\\n\r\n| where Application == \\\"Microsoft Teams\\\" \r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 19 of 44\n\n\\n\r\n| where ActionType == \\\"ChatCreated\\\" \r\n\\n\r\n| where isempty(AccountObjectId)\r\n\\n\r\n| where RawEventData.ParticipantInfo.HasForeignTenantUsers == true \r\n\\n\r\n| where RawEventData.CommunicationType == \\\"OneOnOne\\\" \r\n\\n\r\n| where RawEventData.ParticipantInfo.HasGuestUsers == false \r\n\\n\r\n| where RawEventData.ParticipantInfo.HasOtherGuestUsers == false \r\n\\n\r\n| where AccountId has \\\"@\\\"\r\n\\n\r\n| extend TargetUPN = tolower(tostring(RawEventData.Members[1].UPN))\r\n\\n\r\n| where TargetUPN  in (interestingUsers )\r\n\\n\r\n| extend VictimTenant = tostring(RawEventData.OrganizationId)\r\n\\n\r\n| extend AttackerTenant = RawEventData.Members[0].OrganizationId\r\n\\n\r\n| extend AttackerUPN = RawEventData.Members[0].UPN\r\n\\n\r\n| extend AttackerName = RawEventData.Members[0].DisplayName\r\n\\n\\n\r\nInitial Access\r\n\\n\\n\r\nThe Storm-1811 actor calls users on Teams, then abuses RMM tools to deploy payloads and initiate credential theft for\r\ninitial access. And, the Storm-1674 actor either calls users or uses Teams chat to deliver malicious payloads via phishing\r\nlinks hosted on file-sharing services usually like SharePoint.\r\n\\n\\n\r\nHunting for Compromises\r\n\\n\\n\r\nIn addition to the Teams phishing activities recorded in CloudAppEvents telemetry, clicks on SharePoint URLs are logged in\r\nthe UrlClickEvents table. Correlating suspicious signals on devices with UrlClickEvents table can help identify and\r\nhighlight this activity.\r\n\\n\\n\r\nCorrelating URL click events on alerted devices\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 20 of 44\n\n\\n\\n\r\nlet alertedDevices = AlertEvidence\r\n\\n\r\n | where Timestamp \u003e ago(1h)\r\n\\n\r\n | where isnotempty(DeviceId)\r\n\\n\r\n|distinct DeviceId;\r\n\\n\r\nlet interestedUsers = DeviceProcessEvents\r\n\\n\r\n| where Timestamp \u003e ago(1h)\r\n\\n\r\n| where DeviceId in (alertedDevices)\r\n\\n\r\n| where isnotempty(InitiatingProcessAccountUpn)\r\n\\n\r\n| distinct InitiatingProcessAccountUpn;\r\n\\n\r\nUrlClickEvents\r\n\\n\r\n| where Timestamp \u003e ago(1d)\r\n\\n\r\n| where ActionType == \\\"ClickAllowed\\\" or IsClickedThrough !=\\\"0\\\"\r\n\\n\r\n| where Workload has “Teams”\r\n\\n\r\n| where AccountUpn in (interestedUsers)\r\n\\n\\n\r\nCredential Access\r\n\\n\\n\r\nAfter taking control of the target user’s device through RMM, the attacker executes a script under the pretext of fixing the\r\nspam flood activity. The name of the script also justifies the intent to convince the user for the next steps (Eg : Spam Filter\r\nUpdate). When the script is executed, it prompts the target user to provide the credentials, persuaded by the attacker.\r\n\\n\\n\r\nIn a few other scenarios, the attacker also redirects the user to an AiTM phishing page to complete the sign-in with MFA to\r\ncompromise the session token.\r\n\\n\\n\r\nHunting for Compromises\r\n\\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 21 of 44\n\nThese compromises can be identified by correlating risky sign-in attempts with Teams phishing from external tenants. The\r\nbelow query can be used to identify identity compromises (Adversary-in-the-middle attack) through Teams messages with\r\nmalicious links/attachments as well:\r\n\\n\\n\r\nlet usersWithRiskySignIn = AADSignInEventsBeta\r\n\\n\r\n |where Timestamp \u003e ago(1h)\r\n\\n\r\n |where RiskLevelDuringSignIn == 100\r\n\\n\r\n|project AccountUpn;\r\n\\n\r\nCloudAppEvents\r\n\\n\r\n| where Timestamp \u003e ago(1d)\r\n\\n\r\n| where Application == \\\"Microsoft Teams\\\" \r\n\\n\r\n| where ActionType == \\\"ChatCreated\\\" \r\n\\n\r\n| where isempty(AccountObjectId)\r\n\\n\r\n| where RawEventData.ParticipantInfo.HasForeignTenantUsers == true \r\n\\n\r\n| where RawEventData.CommunicationType == \\\"OneOnOne\\\" \r\n\\n\r\n| where RawEventData.ParticipantInfo.HasGuestUsers == false \r\n\\n\r\n| where RawEventData.ParticipantInfo.HasOtherGuestUsers == false \r\n\\n\r\n| where AccountId has \\\"@\\\"\r\n\\n\r\n| extend TargetUPN = tolower(tostring(RawEventData.Members[1].UPN))\r\n\\n\r\n| where TargetUPN  in (interestingUsers )\r\n\\n\r\n| extend TargetTenant = tostring(RawEventData.OrganizationId)\r\n\\n\r\n| extend AttackerTenant = RawEventData.Members[0].OrganizationId\r\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 22 of 44\n\n|where TargetTenant != AttackerTenant\r\n\\n\r\n| extend AttackerUPN = RawEventData.Members[0].UPN\r\n\\n\r\n| extend AttackerName = RawEventData.Members[0].DisplayName\r\n\\n\r\n|project project-reorder Timestamp, AttackerTenant, AttackerUPN, AttackerName, TargetUPN \r\n\\n\\n\r\nExecution\r\n\\n\\n\r\nUsing a scripted cURL command, the attacker downloads additional payloads in an RMM session, or shares a SharePoint\r\nlink on Microsoft Teams with payloads and tools (like NetSupport RAT). In a few scenarios, an SSH connection was also\r\nsetup with the attacker’s machine.\r\n\\n\\n\\n\\n\\n\r\nIn conjunction with RMM tools, attackers use various command-line utilities to manipulate Active Directory (AD)\r\nenvironments. One such utility is Csvde, a command-line tool that imports and exports data from Active Directory Domain\r\nServices (AD DS). Csvde can be exploited by threat actors to extract sensitive AD information or to introduce malicious\r\nentries into the directory, further compromising the security of the environment.\r\n\\n\\n\r\nDetect suspicious file downloads\r\n\\n\\n\r\nDeviceNetworkEvents\r\n\\n\r\n| where InitiatingProcessFileName in~ (\\\"curl.exe\\\", \\\"powershell.exe\\\", \\\"certutil.exe\\\", \\\"bitsadmin.exe\\\")\r\n\\n\r\n| where RemoteIPType == \\\"Public\\\"\r\n\\n\r\n| where RemoteUrl endswith \\\".exe\\\" or RemoteUrl endswith \\\".dll\\\" or RemoteUrl endswith \\\".zip\\\"\r\n\\n\r\n| project Timestamp, DeviceId, InitiatingProcessFileName, RemoteIP, RemoteUrl\r\n\\n\r\n| extend AlertType = \\\"Suspicious file download from unknown IP address\\\"\r\n\\n\\n\\n\r\nDetection of csvde.exe Download and AD Enumeration\r\n\\n\\n\r\n// Detect curl downloading csvde.exe\r\n\\n\r\nlet csvde_download =   DeviceProcessEvents\r\n\\n\r\n    | where InitiatingProcessFileName =~\\\"cmd.exe\\\"\r\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 23 of 44\n\n| where ProcessCommandLine has_all (\\\"curl\\\",\\\"-o\\\",\\\"csvde.exe\\\",\\\"http:\\\")\r\n\\n\r\n    |  project DeviceId,Timestamp,CurlCommandLine=ProcessCommandLine, CurlProcessId = ProcessId;\r\n\\n\r\n// Detect execution of csvde.exe with specific parameters\r\n\\n\r\nlet csvde_execution =\r\n\\n\r\n    DeviceProcessEvents\r\n\\n\r\n    | where FileName =~ \\\"csvde.exe\\\"\r\n\\n\r\n    | where ProcessCommandLine has_all  (\\\"-r\\\",\\\"objectClass=Computer\\\")\r\n\\n\r\n        and ProcessCommandLine has_all (\\\"-l\\\",\\\"samAccountName\\\",\\\"description\\\",\\\"info\\\",\\\"operatingSystem\\\")\r\n\\n\r\n        and ProcessCommandLine contains \\\"-f\\\"\r\n\\n\r\n   |  project DeviceId,Timestamp, CsvdeCommandLine= ProcessCommandLine,CsvdeProcessId = ProcessId;\r\n\\n\r\nJoin the two events and look for them occurring within 5 minutes\r\n\\n\r\ncsvde_download\r\n\\n\r\n| join kind=inner (\r\n\\n\r\n    csvde_execution\r\n\\n\r\n) on DeviceId\r\n\\n\r\n| where Timestamp  between (Timestamp1 .. Timestamp1 + 5m)\r\n\\n\r\n| extend   AlertType = \\\"Potential Active Directory Enumeration\\\",  Details = strcat(\\\"curl.exe was used to download\r\ncsvde.exe, which was then executed to enumerate AD computers. \\\")\r\n\\n\\n\\n\r\n// Detect potential data compression and exfiltration\r\n\\n\r\nlet compress_exfil = DeviceProcessEvents\r\n\\n\r\n| where FileName =~ \\\"7z.exe\\\"\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 24 of 44\n\n\\n\r\n| where ProcessCommandLine contains \\\"x -p\\\"\r\n\\n\r\n| project Timestamp, DeviceId, FileName, ProcessCommandLine, ProcessId\r\n\\n\r\n| join kind=inner (\r\n\\n\r\n    DeviceNetworkEvents\r\n\\n\r\n    | where InitiatingProcessId != 0\r\n\\n\r\n) on $left.ProcessId == $right.InitiatingProcessId\r\n\\n\r\n| project Timestamp, DeviceId, FileName, ProcessCommandLine, RemoteIP, RemotePort\r\n\\n\r\n| extend AlertType = \\\"Potential data compression and exfiltration\\\";\r\n\\n\\n\\n\r\nReconnaissance\r\n\\n\\n\r\nThis attack specifically involved high number of reconnaissance commands including ipconfig, systeminfo, geo location\r\nscans, user recons, EDR protection status. In a typical attack, this information is exfiltrated to an external C2 server.\r\nHowever, in these attacks, the attacker could have probably taken a screenshot through the RMM.\r\n\\n\\n\r\nPersistence\r\n\\n\\n\r\nThe payloads downloaded by the attacker was used to create persistence either using scheduled tasks or by being added to\r\nthe startup folder.\r\n\\n\\n\r\n// Persistence through Startup operations\r\nlet regKeys = pack_array(@\\\"CurrentVersion\\\\Run\\\",\r\n@\\\"CurrentVersion\\\\RunOnce\\\",\r\n@\\\"CurrentVersion\\\\RunOnceEx\\\",\r\n@\\\"Programs\\\\Startup\\\",\r\n@\\\"CurrentVersion\\\\RunServicesOnce\\\",\r\n@\\\"CurrentVersion\\\\RunServices\\\",\r\n@\\\"CurrentVersion\\\\Policies\\\\Explorer\\\\Run\\\",\r\n@\\\"Windows NT\\\\CurrentVersion\\\\Windows\\\",\r\n@\\\"System\\\\CurrentControlSet\\\\Control\\\\Session Manager\\\");\r\nlet startUpOperations = DeviceFileEvents\r\n| where FolderPath has @\\\"Start Menu\\\\Programs\\\\Startup\\\\\\\"\r\n| where ActionType in (\\\"FileCreated\\\", \\\"FileModified\\\", \\\"FileRenamed\\\");\r\n// Persistence through Registry Tampering\r\nlet regOperations = DeviceRegistryEvents\r\n| where hasAlertDevices\r\n| where Timestamp between (startTime .. endTime)\r\n| where DeviceId in (alertedDevices)\r\n| where RegistryKey has_any (regKeys)\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 25 of 44\n\n| where ActionType in (\\\"SetValue\\\" ,\\\"CreateKey\\\" , \\\"RenameKey\\\");\r\n// Persistence through Scheduled task creation\r\nlet scheduledOperations = DeviceProcessEvents\r\n| where Timestamp between (startTime .. endTime)\r\n| where DeviceId in (alertedDevices)\r\n| where (InitiatingProcessCommandLine has \\\"schtasks\\\" and InitiatingProcessCommandLine has_any (\\\"run\\\", \\\"create\\\" ,\r\n\\\"change\\\"));\r\nunion startUpOperations, regOperations, scheduledOperations\r\n| summarize arg_min(Timestamp, *) by DeviceId\r\n\\n\\n\r\nDetections\r\n\\n\\n\r\n\\n\r\nSuspicious activity using Quick Assist\r\n\\n\r\nPossible remote access tool activity\r\n\\n\r\nSuspicious usage of remote management software\r\n\\n\r\nSuspicious location of remote management software\r\n\\n\r\nPossible NetSupport Manager activity\r\n\\n\r\n\\n\\n\r\nReferences\r\n\\n\\n\r\nNOTE: The following references are available for Microsoft Defender customers.\r\n\\n\r\n\\n\r\nQakbot distributor Storm-0464 shifts to DarkGate and IcedID : Intel Article - Microsoft Defender - Shift to DarkGate\r\nand IcedID\r\n\\n\r\nFinancially motivated threat actors misusing App Installer : Intel Article - Microsoft Defender - App Installer misuse\r\n\\n\r\nThreat actors misusing Quick Assist in social engineering attacks leading to ransomware : Intel Article - Microsoft\r\nDefender - Quick Assist misuse\r\n\\n\r\n\\n\\n\r\nRecommendations\r\n\\n\\n\r\n\\n\r\nEducate Microsoft Teams users to verify ‘External’ tagging on communication attempts from external entities, be\r\ncautious about what they share, and never share their account information or authorize sign-in requests over chat. \r\n\\n\r\nAdministrators have an option to manage chats/Teams meetings with external users not managed by the Organization\r\n\\n\r\nApply Microsoft’s security best practices for Microsoft Teams to safeguard Teams users. \r\n\\n\r\nEducate users about diligent use of RMM tools\r\n\\n\r\nImplement Conditional Access authentication strength to require phishing-resistant authentication for employees and\r\nexternal users for critical apps. \r\n\\n\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 26 of 44\n\nEnable investigation and remediation in full automated mode to allow Defender for Endpoint to take immediate\r\naction on alerts to resolve breaches, significantly reducing alert volume. \r\n\\n\r\n\\n\r\nNOTE: The following is available for Microsoft Defender customers.\r\n\\n\r\n\\n\r\nRefer to Microsoft’s human-operated ransomware overview for general hardening recommendations against\r\nransomware attacks. \r\n\\n\r\n\",\"kudosSumWeight\":6,\"postTime\":\"2024-10-15T05:00:00.029-07:00\",\"images\":\r\n{\"__typename\":\"AssociatedImageConnection\",\"edges\":\r\n[{\"__typename\":\"AssociatedImageEdge\",\"cursor\":\"MjYuMXwyLjF8b3wyNXxfTlZffDE\",\"node\":\r\n{\"__ref\":\"AssociatedImage:\r\n{\\\"url\\\":\\\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyOTAwNmk5OTE3RUI4ODM3NzkwM0M3?\r\nrevision=16\\\"}\"}},{\"__typename\":\"AssociatedImageEdge\",\"cursor\":\"MjYuMXwyLjF8b3wyNXxfTlZffDI\",\"node\":\r\n{\"__ref\":\"AssociatedImage:\r\n{\\\"url\\\":\\\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyODIyM2kzQzk5OUEyNUU1QkE1NzhB?\r\nrevision=16\\\"}\"}},{\"__typename\":\"AssociatedImageEdge\",\"cursor\":\"MjYuMXwyLjF8b3wyNXxfTlZffDM\",\"node\":\r\n{\"__ref\":\"AssociatedImage:\r\n{\\\"url\\\":\\\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyODIyNGlENTVGRDQ5RDc0MkMyN0E0?\r\nrevision=16\\\"}\"}}],\"totalCount\":3,\"pageInfo\":\r\n{\"__typename\":\"PageInfo\",\"hasNextPage\":false,\"endCursor\":null,\"hasPreviousPage\":false,\"startCursor\":null}},\"attachments\":\r\n{\"__typename\":\"AttachmentConnection\",\"pageInfo\":\r\n{\"__typename\":\"PageInfo\",\"hasNextPage\":false,\"endCursor\":null,\"hasPreviousPage\":false,\"startCursor\":null},\"edges\":\r\n[]},\"tags\":{\"__typename\":\"TagConnection\",\"pageInfo\":\r\n{\"__typename\":\"PageInfo\",\"hasNextPage\":false,\"endCursor\":null,\"hasPreviousPage\":false,\"startCursor\":null},\"edges\":\r\n[{\"__typename\":\"TagEdge\",\"cursor\":\"MjYuMXwyLjF8b3wxMHxfTlZffDE\",\"node\":\r\n{\"__typename\":\"Tag\",\"id\":\"tag:defender experts for hunting\",\"text\":\"defender experts for hunting\",\"time\":\"2023-03-\r\n14T16:33:24.891-07:00\",\"lastActivityTime\":null,\"messagesCount\":null,\"followersCount\":null}},\r\n{\"__typename\":\"TagEdge\",\"cursor\":\"MjYuMXwyLjF8b3wxMHxfTlZffDI\",\"node\":{\"__typename\":\"Tag\",\"id\":\"tag:defender\r\nexperts for xdr\",\"text\":\"defender experts for xdr\",\"time\":\"2022-11-22T08:22:46.355-\r\n08:00\",\"lastActivityTime\":null,\"messagesCount\":null,\"followersCount\":null}},\r\n{\"__typename\":\"TagEdge\",\"cursor\":\"MjYuMXwyLjF8b3wxMHxfTlZffDM\",\"node\":\r\n{\"__typename\":\"Tag\",\"id\":\"tag:microsoft security enterprise services\",\"text\":\"microsoft security enterprise\r\nservices\",\"time\":\"2024-06-12T14:10:16.501-\r\n07:00\",\"lastActivityTime\":null,\"messagesCount\":null,\"followersCount\":null}}]},\"timeToRead\":9,\"rawTeaser\":\"\\n\r\nThreat actors make problems for users and then offer to fix them.  With an RMM tool and user clicks, they are in.  \r\n\",\"introduction\":\"\",\"coverImage\":null,\"coverImageProperties\":\r\n{\"__typename\":\"CoverImageProperties\",\"style\":\"STANDARD\",\"titlePosition\":\"BOTTOM\",\"altText\":\"\"},\"currentRevision\":\r\n{\"__ref\":\"Revision:revision:4267916_16\"},\"latestVersion\":\r\n{\"__typename\":\"FriendlyVersion\",\"major\":\"6\",\"minor\":\"0\"},\"metrics\":\r\n{\"__typename\":\"MessageMetrics\",\"views\":8248},\"read\":false,\"visibilityScope\":\"PUBLIC\",\"canonicalUrl\":null,\"seoTitle\":null,\"seoDescription\":null,\"pla\r\n{\"__typename\":\"UserConnection\",\"edges\":[]},\"nonCoAuthorContributors\":{\"__typename\":\"UserConnection\",\"edges\":\r\n[]},\"coAuthors\":{\"__typename\":\"UserConnection\",\"edges\":[]},\"blogMessagePolicies\":\r\n{\"__typename\":\"BlogMessagePolicies\",\"canDoAuthoringActionsOnBlog\":{\"__typename\":\"PolicyResult\",\"failureReason\":\r\n{\"__typename\":\"FailureReason\",\"message\":\"error.lithium.policies.blog.action_can_do_authoring_action.accessDenied\",\"key\":\"error.lithium.policies.blog\r\n[]}}},\"archivalData\":null,\"customFields\":[],\"revisions({\\\"constraints\\\":{\\\"isPublished\\\":{\\\"eq\\\":true}}})\":\r\n{\"__typename\":\"RevisionConnection\",\"totalCount\":16}},\"Conversation:conversation:4267916\":\r\n{\"__typename\":\"Conversation\",\"id\":\"conversation:4267916\",\"solved\":false,\"topic\":\r\n{\"__ref\":\"BlogTopicMessage:message:4267916\"},\"lastPostingActivityTime\":\"2024-10-22T07:56:53.028-\r\n07:00\",\"lastPostTime\":\"2024-10-15T05:00:00.029-\r\n07:00\",\"unreadReplyCount\":0,\"isSubscribed\":false},\"ModerationData:moderation_data:4267916\":\r\n{\"__typename\":\"ModerationData\",\"id\":\"moderation_data:4267916\",\"status\":\"APPROVED\",\"rejectReason\":null,\"isReportedAbuse\":false,\"rejectUser\":nu\r\n{\\\"url\\\":\\\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyOTAwNmk5OTE3RUI4ODM3NzkwM0M3?\r\nrevision=16\\\"}\":\r\n{\"__typename\":\"AssociatedImage\",\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyOTAwNmk5OTE3RUI4O\r\nrevision=16\",\"title\":\"China\r\nSOC.png\",\"associationType\":\"TEASER\",\"width\":993,\"height\":664,\"altText\":null},\"AssociatedImage:\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 27 of 44\n\n{\\\"url\\\":\\\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyODIyM2kzQzk5OUEyNUU1QkE1NzhB?\r\nrevision=16\\\"}\":\r\n{\"__typename\":\"AssociatedImage\",\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyODIyM2kzQzk5OUEyNU\r\nrevision=16\",\"title\":\"Zophar_0-\r\n1728599612072.png\",\"associationType\":\"BODY\",\"width\":1836,\"height\":453,\"altText\":null},\"AssociatedImage:\r\n{\\\"url\\\":\\\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyODIyNGlENTVGRDQ5RDc0MkMyN0E0?\r\nrevision=16\\\"}\":\r\n{\"__typename\":\"AssociatedImage\",\"url\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/images/bS00MjY3OTE2LTYyODIyNGlENTVGRDQ5R\r\nrevision=16\",\"title\":\"Zophar_1-\r\n1728599612081.png\",\"associationType\":\"BODY\",\"width\":1249,\"height\":897,\"altText\":null},\"Revision:revision:4267916_16\":\r\n{\"__typename\":\"Revision\",\"id\":\"revision:4267916_16\",\"lastEditTime\":\"2024-10-22T07:55:47.002-\r\n07:00\"},\"CachedAsset:theme:customTheme1-1775107807370\":{\"__typename\":\"CachedAsset\",\"id\":\"theme:customTheme1-\r\n1775107807370\",\"value\":{\"id\":\"customTheme1\",\"animation\":\r\n{\"fast\":\"150ms\",\"normal\":\"250ms\",\"slow\":\"500ms\",\"slowest\":\"750ms\",\"function\":\"cubic-bezier(0.07, 0.91, 0.51,\r\n1)\",\"__typename\":\"AnimationThemeSettings\"},\"avatar\":{\"borderRadius\":\"50%\",\"collections\":\r\n[\"default\"],\"__typename\":\"AvatarThemeSettings\"},\"basics\":{\"browserIcon\":{\"imageAssetName\":\"favicon-1730836283320.png\",\"imageLastModified\":\"1730836286415\",\"__typename\":\"ThemeAsset\"},\"customerLogo\":\r\n{\"imageAssetName\":\"favicon-1730836271365.png\",\"imageLastModified\":\"1730836274203\",\"__typename\":\"ThemeAsset\"},\"maximumWidthOfPageContent\":\"1300px\",\"oneColumnN\r\n{\"borderRadiusSm\":\"3px\",\"borderRadius\":\"3px\",\"borderRadiusLg\":\"5px\",\"paddingY\":\"5px\",\"paddingYLg\":\"7px\",\"paddingYHero\":\"var(-\r\n-lia-bs-btn-padding-y-lg)\",\"paddingX\":\"12px\",\"paddingXLg\":\"16px\",\"paddingXHero\":\"60px\",\"fontStyle\":\"NORMAL\",\"fontWeight\":\"700\",\"textTransform\":\"NONE\",\"disabled\r\n-lia-bs-white)\",\"primaryTextHoverColor\":\"var(--lia-bs-white)\",\"primaryTextActiveColor\":\"var(--lia-bs-white)\",\"primaryBgColor\":\"var(--lia-bs-primary)\",\"primaryBgHoverColor\":\"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.85))\",\"primaryBgActiveColor\":\"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) * 0.7))\",\"primaryBorder\":\"1px solid transparent\",\"primaryBorderHover\":\"1px solid\r\ntransparent\",\"primaryBorderActive\":\"1px solid transparent\",\"primaryBorderFocus\":\"1px solid var(--lia-bs-white)\",\"primaryBoxShadowFocus\":\"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)\",\"secondaryTextColor\":\"var(--lia-bs-gray-900)\",\"secondaryTextHoverColor\":\"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) *\r\n0.95))\",\"secondaryTextActiveColor\":\"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) *\r\n0.9))\",\"secondaryBgColor\":\"var(--lia-bs-gray-200)\",\"secondaryBgHoverColor\":\"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))\",\"secondaryBgActiveColor\":\"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))\",\"secondaryBorder\":\"1px solid\r\ntransparent\",\"secondaryBorderHover\":\"1px solid transparent\",\"secondaryBorderActive\":\"1px solid\r\ntransparent\",\"secondaryBorderFocus\":\"1px solid transparent\",\"secondaryBoxShadowFocus\":\"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),\r\n0.2)\",\"tertiaryTextColor\":\"var(--lia-bs-gray-900)\",\"tertiaryTextHoverColor\":\"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), calc(var(--lia-bs-gray-900-l) * 0.95))\",\"tertiaryTextActiveColor\":\"hsl(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-\r\ns), calc(var(--lia-bs-gray-900-l) *\r\n0.9))\",\"tertiaryBgColor\":\"transparent\",\"tertiaryBgHoverColor\":\"transparent\",\"tertiaryBgActiveColor\":\"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.04)\",\"tertiaryBorder\":\"1px solid\r\ntransparent\",\"tertiaryBorderHover\":\"1px solid hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),\r\n0.08)\",\"tertiaryBorderActive\":\"1px solid transparent\",\"tertiaryBorderFocus\":\"1px solid\r\ntransparent\",\"tertiaryBoxShadowFocus\":\"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l), 0.2)\",\"destructiveTextColor\":\"var(--lia-bs-danger)\",\"destructiveTextHoverColor\":\"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) *\r\n0.95))\",\"destructiveTextActiveColor\":\"hsl(var(--lia-bs-danger-h), var(--lia-bs-danger-s), calc(var(--lia-bs-danger-l) *\r\n0.9))\",\"destructiveBgColor\":\"var(--lia-bs-gray-200)\",\"destructiveBgHoverColor\":\"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.96))\",\"destructiveBgActiveColor\":\"hsl(var(--lia-bs-gray-200-h), var(--lia-bs-gray-200-s), calc(var(--lia-bs-gray-200-l) * 0.92))\",\"destructiveBorder\":\"1px solid\r\ntransparent\",\"destructiveBorderHover\":\"1px solid transparent\",\"destructiveBorderActive\":\"1px solid\r\ntransparent\",\"destructiveBorderFocus\":\"1px solid transparent\",\"destructiveBoxShadowFocus\":\"0 0 0 1px var(--lia-bs-primary), 0 0 0 4px hsla(var(--lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),\r\n0.2)\",\"__typename\":\"ButtonsThemeSettings\"},\"border\":{\"color\":\"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),\r\n0.08)\",\"mainContent\":\"NONE\",\"sideContent\":\"LIGHT\",\"radiusSm\":\"3px\",\"radius\":\"5px\",\"radiusLg\":\"9px\",\"radius50\":\"100vw\",\"__typename\":\"BorderT\r\n{\"xs\":\"0 0 0 1px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.08), 0 3px 0 -1px\r\nhsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.16)\",\"sm\":\"0 2px 4px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.12)\",\"md\":\"0 5px 15px hsla(var(--lia-bs-gray-900-h), var(--\r\nlia-bs-gray-900-s), var(--lia-bs-gray-900-l), 0.3)\",\"lg\":\"0 10px 30px hsla(var(--lia-bs-gray-900-h), var(--lia-bs-gray-900-s),\r\nvar(--lia-bs-gray-900-l), 0.3)\",\"__typename\":\"BoxShadowThemeSettings\"},\"cards\":{\"bgColor\":\"var(--lia-panel-bg-color)\",\"borderRadius\":\"var(--lia-panel-border-radius)\",\"boxShadow\":\"var(--lia-box-shadow-xs)\",\"__typename\":\"CardsThemeSettings\"},\"chip\":\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 28 of 44\n\n{\"maxWidth\":\"300px\",\"height\":\"30px\",\"__typename\":\"ChipThemeSettings\"},\"coreTypes\":\r\n{\"defaultMessageLinkColor\":\"var(--lia-bs-link-color)\",\"defaultMessageLinkDecoration\":\"none\",\"defaultMessageLinkFontStyle\":\"NORMAL\",\"defaultMessageLinkFontWeight\":\"400\",\"defaultMessageF\r\n-lia-bs-font-family-base)\",\"forumColor\":\"#4099E2\",\"forumFontFamily\":\"var(--lia-bs-font-family-base)\",\"forumFontWeight\":\"var(--lia-default-message-font-weight)\",\"forumLineHeight\":\"var(--lia-bs-line-height-base)\",\"forumFontStyle\":\"var(--lia-default-message-font-style)\",\"forumMessageLinkColor\":\"var(--lia-default-message-link-color)\",\"forumMessageLinkDecoration\":\"var(--lia-default-message-link-decoration)\",\"forumMessageLinkFontStyle\":\"var(--\r\nlia-default-message-link-font-style)\",\"forumMessageLinkFontWeight\":\"var(--lia-default-message-link-font-weight)\",\"forumSolvedColor\":\"#148563\",\"blogColor\":\"#1CBAA0\",\"blogFontFamily\":\"var(--lia-bs-font-family-base)\",\"blogFontWeight\":\"var(--lia-default-message-font-weight)\",\"blogLineHeight\":\"1.75\",\"blogFontStyle\":\"var(--lia-default-message-font-style)\",\"blogMessageLinkColor\":\"var(--lia-default-message-link-color)\",\"blogMessageLinkDecoration\":\"var(--lia-default-message-link-decoration)\",\"blogMessageLinkFontStyle\":\"var(--lia-default-message-link-font-style)\",\"blogMessageLinkFontWeight\":\"var(--lia-default-message-link-font-weight)\",\"tkbColor\":\"#4C6B90\",\"tkbFontFamily\":\"var(--lia-bs-font-family-base)\",\"tkbFontWeight\":\"var(--lia-default-message-font-weight)\",\"tkbLineHeight\":\"1.75\",\"tkbFontStyle\":\"var(--lia-default-message-font-style)\",\"tkbMessageLinkColor\":\"var(--lia-default-message-link-color)\",\"tkbMessageLinkDecoration\":\"var(--lia-default-message-link-decoration)\",\"tkbMessageLinkFontStyle\":\"var(--lia-default-message-link-font-style)\",\"tkbMessageLinkFontWeight\":\"var(--lia-default-message-link-font-weight)\",\"qandaColor\":\"#4099E2\",\"qandaFontFamily\":\"var(--lia-bs-font-family-base)\",\"qandaFontWeight\":\"var(--lia-default-message-font-weight)\",\"qandaLineHeight\":\"var(--lia-bs-line-height-base)\",\"qandaFontStyle\":\"var(--lia-default-message-link-font-style)\",\"qandaMessageLinkColor\":\"var(--lia-default-message-link-color)\",\"qandaMessageLinkDecoration\":\"var(--lia-default-message-link-decoration)\",\"qandaMessageLinkFontStyle\":\"var(--\r\nlia-default-message-link-font-style)\",\"qandaMessageLinkFontWeight\":\"var(--lia-default-message-link-font-weight)\",\"qandaSolvedColor\":\"#3FA023\",\"ideaColor\":\"#FF8000\",\"ideaFontFamily\":\"var(--lia-bs-font-family-base)\",\"ideaFontWeight\":\"var(--lia-default-message-font-weight)\",\"ideaLineHeight\":\"var(--lia-bs-line-height-base)\",\"ideaFontStyle\":\"var(--lia-default-message-font-style)\",\"ideaMessageLinkColor\":\"var(--lia-default-message-link-color)\",\"ideaMessageLinkDecoration\":\"var(--lia-default-message-link-decoration)\",\"ideaMessageLinkFontStyle\":\"var(--lia-default-message-link-font-style)\",\"ideaMessageLinkFontWeight\":\"var(--lia-default-message-link-font-weight)\",\"contestColor\":\"#FCC845\",\"contestFontFamily\":\"var(--lia-bs-font-family-base)\",\"contestFontWeight\":\"var(--lia-default-message-font-weight)\",\"contestLineHeight\":\"var(--lia-bs-line-height-base)\",\"contestFontStyle\":\"var(--lia-default-message-link-font-style)\",\"contestMessageLinkColor\":\"var(--lia-default-message-link-color)\",\"contestMessageLinkDecoration\":\"var(--lia-default-message-link-decoration)\",\"contestMessageLinkFontStyle\":\"ITALIC\",\"contestMessageLinkFontWeight\":\"var(--lia-default-message-link-font-weight)\",\"occasionColor\":\"#bc341b\",\"occasionFontFamily\":\"var(--lia-bs-font-family-base)\",\"occasionFontWeight\":\"var(--lia-default-message-font-weight)\",\"occasionLineHeight\":\"var(--lia-bs-line-height-base)\",\"occasionFontStyle\":\"var(--lia-default-message-font-style)\",\"occasionMessageLinkColor\":\"var(--lia-default-message-link-color)\",\"occasionMessageLinkDecoration\":\"var(--lia-default-message-link-decoration)\",\"occasionMessageLinkFontStyle\":\"var(--lia-default-message-link-font-style)\",\"occasionMessageLinkFontWeight\":\"var(--lia-default-message-link-font-weight)\",\"grouphubColor\":\"#333333\",\"categoryColor\":\"#949494\",\"communityColor\":\"#FFFFFF\",\"productColor\":\"#949494\",\"__typename\":\"CoreTypesT\r\n{\"black\":\"#000000\",\"white\":\"#FFFFFF\",\"gray100\":\"#F7F7F7\",\"gray200\":\"#F7F7F7\",\"gray300\":\"#E8E8E8\",\"gray400\":\"#D9D9D9\",\"gray500\":\"#CCCC\r\n-lia-bs-primary)\",\"custom\":[\"#D3F5A4\",\"#243A5E\"],\"__typename\":\"ColorsThemeSettings\"},\"divider\":\r\n{\"size\":\"3px\",\"marginLeft\":\"4px\",\"marginRight\":\"4px\",\"borderRadius\":\"50%\",\"bgColor\":\"var(--lia-bs-gray-600)\",\"bgColorActive\":\"var(--lia-bs-gray-600)\",\"__typename\":\"DividerThemeSettings\"},\"dropdown\":{\"fontSize\":\"var(--\r\nlia-bs-font-size-sm)\",\"borderColor\":\"var(--lia-bs-border-color)\",\"borderRadius\":\"var(--lia-bs-border-radius-sm)\",\"dividerBg\":\"var(--lia-bs-gray-300)\",\"itemPaddingY\":\"5px\",\"itemPaddingX\":\"20px\",\"headerColor\":\"var(--lia-bs-gray-700)\",\"__typename\":\"DropdownThemeSettings\"},\"email\":{\"link\":\r\n{\"color\":\"#0069D4\",\"hoverColor\":\"#0061c2\",\"decoration\":\"none\",\"hoverDecoration\":\"underline\",\"__typename\":\"EmailLinkSettings\"},\"border\":\r\n{\"color\":\"#e4e4e4\",\"__typename\":\"EmailBorderSettings\"},\"buttons\":\r\n{\"borderRadiusLg\":\"5px\",\"paddingXLg\":\"16px\",\"paddingYLg\":\"7px\",\"fontWeight\":\"700\",\"primaryTextColor\":\"#ffffff\",\"primaryTextHoverColor\":\"#fffff\r\nsolid transparent\",\"primaryBorderHover\":\"1px solid transparent\",\"__typename\":\"EmailButtonsSettings\"},\"panel\":\r\n{\"borderRadius\":\"5px\",\"borderColor\":\"#e4e4e4\",\"__typename\":\"EmailPanelSettings\"},\"__typename\":\"EmailThemeSettings\"},\"emoji\":\r\n{\"skinToneDefault\":\"#ffcd43\",\"skinToneLight\":\"#fae3c5\",\"skinToneMediumLight\":\"#e2cfa5\",\"skinToneMedium\":\"#daa478\",\"skinToneMediumDark\":\"#\r\n{\"color\":\"var(--lia-bs-body-color)\",\"fontFamily\":\"Segoe\r\nUI\",\"fontStyle\":\"NORMAL\",\"fontWeight\":\"400\",\"h1FontSize\":\"34px\",\"h2FontSize\":\"32px\",\"h3FontSize\":\"28px\",\"h4FontSize\":\"24px\",\"h5FontSize\":\"20\r\n-lia-bs-headings-font-weight)\",\"h2FontWeight\":\"var(--lia-bs-headings-font-weight)\",\"h3FontWeight\":\"var(--lia-bs-headings-font-weight)\",\"h4FontWeight\":\"var(--lia-bs-headings-font-weight)\",\"h5FontWeight\":\"var(--lia-bs-headings-font-weight)\",\"h6FontWeight\":\"var(--lia-bs-headings-font-weight)\",\"__typename\":\"HeadingThemeSettings\"},\"icons\":\r\n{\"size10\":\"10px\",\"size12\":\"12px\",\"size14\":\"14px\",\"size16\":\"16px\",\"size20\":\"20px\",\"size24\":\"24px\",\"size30\":\"30px\",\"size40\":\"40px\",\"size50\":\"50px\",\"s\r\n{\"bgColor\":\"var(--lia-bs-gray-900)\",\"titleColor\":\"var(--lia-bs-white)\",\"controlColor\":\"var(--lia-bs-white)\",\"controlBgColor\":\"var(--lia-bs-gray-800)\",\"__typename\":\"ImagePreviewThemeSettings\"},\"input\":\r\n{\"borderColor\":\"var(--lia-bs-gray-600)\",\"disabledColor\":\"var(--lia-bs-gray-600)\",\"focusBorderColor\":\"var(--lia-bs-primary)\",\"labelMarginBottom\":\"10px\",\"btnFontSize\":\"var(--lia-bs-font-size-sm)\",\"focusBoxShadow\":\"0 0 0 3px hsla(var(-\r\n-lia-bs-primary-h), var(--lia-bs-primary-s), var(--lia-bs-primary-l),\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 29 of 44\n\n0.2)\",\"checkLabelMarginBottom\":\"2px\",\"checkboxBorderRadius\":\"3px\",\"borderRadiusSm\":\"var(--lia-bs-border-radius-sm)\",\"borderRadius\":\"var(--lia-bs-border-radius)\",\"borderRadiusLg\":\"var(--lia-bs-border-radius-lg)\",\"formTextMarginTop\":\"4px\",\"textAreaBorderRadius\":\"var(--lia-bs-border-radius)\",\"activeFillColor\":\"var(--lia-bs-primary)\",\"__typename\":\"InputThemeSettings\"},\"loading\":{\"dotDarkColor\":\"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.2)\",\"dotLightColor\":\"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l),\r\n0.5)\",\"barDarkColor\":\"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),\r\n0.06)\",\"barLightColor\":\"hsla(var(--lia-bs-white-h), var(--lia-bs-white-s), var(--lia-bs-white-l),\r\n0.4)\",\"__typename\":\"LoadingThemeSettings\"},\"link\":{\"color\":\"var(--lia-bs-primary)\",\"hoverColor\":\"hsl(var(--lia-bs-primary-h), var(--lia-bs-primary-s), calc(var(--lia-bs-primary-l) -\r\n10%))\",\"decoration\":\"none\",\"hoverDecoration\":\"underline\",\"__typename\":\"LinkThemeSettings\"},\"listGroup\":\r\n{\"itemPaddingY\":\"15px\",\"itemPaddingX\":\"15px\",\"borderColor\":\"var(--lia-bs-gray-300)\",\"__typename\":\"ListGroupThemeSettings\"},\"modal\":{\"contentTextColor\":\"var(--lia-bs-body-color)\",\"contentBg\":\"var(--lia-bs-white)\",\"backgroundBg\":\"var(--lia-bs-black)\",\"smSize\":\"440px\",\"mdSize\":\"760px\",\"lgSize\":\"1080px\",\"backdropOpacity\":0.3,\"contentBoxShadowXs\":\"var(--lia-bs-box-shadow-sm)\",\"contentBoxShadow\":\"var(--lia-bs-box-shadow)\",\"headerFontWeight\":\"700\",\"__typename\":\"ModalThemeSettings\"},\"navbar\":{\"position\":\"FIXED\",\"background\":\r\n{\"attachment\":null,\"clip\":null,\"color\":\"var(--lia-bs-white)\",\"imageAssetName\":\"\",\"imageLastModified\":\"0\",\"origin\":null,\"position\":\"CENTER_CENTER\",\"repeat\":\"NO_REPEAT\",\"size\":\"COVER\",\"__typ\r\nsolid var(--lia-bs-border-color)\",\"boxShadow\":\"var(--lia-bs-box-shadow-sm)\",\"brandMarginRight\":\"30px\",\"brandMarginRightSm\":\"10px\",\"brandLogoHeight\":\"30px\",\"linkGap\":\"10px\",\"linkJustifyContent\":\"flex-start\",\"linkPaddingY\":\"5px\",\"linkPaddingX\":\"10px\",\"linkDropdownPaddingY\":\"9px\",\"linkDropdownPaddingX\":\"var(--lia-nav-link-px)\",\"linkColor\":\"var(--lia-bs-body-color)\",\"linkHoverColor\":\"var(--lia-bs-primary)\",\"linkFontSize\":\"var(--lia-bs-font-size-sm)\",\"linkFontStyle\":\"NORMAL\",\"linkFontWeight\":\"400\",\"linkTextTransform\":\"NONE\",\"linkLetterSpacing\":\"normal\",\"linkBorderRadius\":\"var(-\r\n-lia-bs-border-radius-sm)\",\"linkBgColor\":\"transparent\",\"linkBgHoverColor\":\"transparent\",\"linkBorder\":\"none\",\"linkBorderHover\":\"none\",\"linkBoxShadow\":\"none\",\"linkBoxS\r\n-lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)\",\"controllerBgHoverColor\":\"hsla(var(--lia-bs-black-h),\r\nvar(--lia-bs-black-s), var(--lia-bs-black-l), 0.1)\",\"controllerIconColor\":\"var(--lia-bs-body-color)\",\"controllerIconHoverColor\":\"var(--lia-bs-body-color)\",\"controllerTextColor\":\"var(--lia-nav-controller-icon-color)\",\"controllerTextHoverColor\":\"var(--lia-nav-controller-icon-hover-color)\",\"controllerHighlightColor\":\"hsla(30, 100%,\r\n50%)\",\"controllerHighlightTextColor\":\"var(--lia-yiq-light)\",\"controllerBorderRadius\":\"var(--lia-border-radius-50)\",\"hamburgerColor\":\"var(--lia-nav-controller-icon-color)\",\"hamburgerHoverColor\":\"var(--lia-nav-controller-icon-color)\",\"hamburgerBgColor\":\"transparent\",\"hamburgerBgHoverColor\":\"transparent\",\"hamburgerBorder\":\"none\",\"hamburgerBorderHover\":\"none\",\"collap\r\n-lia-nav-link-color)\",\"collapseMenuDividerOpacity\":0.16,\"__typename\":\"NavbarThemeSettings\"},\"pager\":\r\n{\"textColor\":\"var(--lia-bs-link-color)\",\"textFontWeight\":\"var(--lia-font-weight-md)\",\"textFontSize\":\"var(--lia-bs-font-size-sm)\",\"__typename\":\"PagerThemeSettings\"},\"panel\":{\"bgColor\":\"var(--lia-bs-white)\",\"borderRadius\":\"var(--lia-bs-border-radius)\",\"borderColor\":\"var(--lia-bs-border-color)\",\"boxShadow\":\"none\",\"__typename\":\"PanelThemeSettings\"},\"popover\":\r\n{\"arrowHeight\":\"8px\",\"arrowWidth\":\"16px\",\"maxWidth\":\"300px\",\"minWidth\":\"100px\",\"headerBg\":\"var(--lia-bs-white)\",\"borderColor\":\"var(--lia-bs-border-color)\",\"borderRadius\":\"var(--lia-bs-border-radius)\",\"boxShadow\":\"0 0.5rem\r\n1rem hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l),\r\n0.15)\",\"__typename\":\"PopoverThemeSettings\"},\"prism\":{\"color\":\"#000000\",\"bgColor\":\"#f5f2f0\",\"fontFamily\":\"var(--font-family-monospace)\",\"fontSize\":\"var(--lia-bs-font-size-base)\",\"fontWeightBold\":\"var(--lia-bs-font-weight-bold)\",\"fontStyleItalic\":\"italic\",\"tabSize\":2,\"highlightColor\":\"#b3d4fc\",\"commentColor\":\"#62707e\",\"punctuationColor\":\"#6f6f6f\",\"namespaceOpacity\":\"\r\n0%, 100%,\r\n0.5)\",\"keywordColor\":\"#0076a9\",\"functionColor\":\"#d3284b\",\"variableColor\":\"#c14700\",\"__typename\":\"PrismThemeSettings\"},\"rte\":\r\n{\"bgColor\":\"var(--lia-bs-white)\",\"borderRadius\":\"var(--lia-panel-border-radius)\",\"boxShadow\":\" var(--lia-panel-box-shadow)\",\"customColor1\":\"#bfedd2\",\"customColor2\":\"#fbeeb8\",\"customColor3\":\"#f8cac6\",\"customColor4\":\"#eccafa\",\"customColor5\":\"#c2e0f4\",\"custo\r\n53%, 51%, 0.4)\",\"diffChangedColor\":\"hsla(43, 97%, 63%, 0.4)\",\"diffNoneColor\":\"hsla(0, 0%, 80%,\r\n0.4)\",\"diffRemovedColor\":\"hsla(9, 74%, 47%,\r\n0.4)\",\"specialMessageHeaderMarginTop\":\"40px\",\"specialMessageHeaderMarginBottom\":\"20px\",\"specialMessageItemMarginTop\":\"0\",\"specialMessageIt\r\n-lia-bs-gray-700)\",\"tableBorderStyle\":\"solid\",\"tableCellPaddingX\":\"5px\",\"tableCellPaddingY\":\"5px\",\"tableTextColor\":\"var(--lia-bs-body-color)\",\"tableVerticalAlign\":\"middle\",\"__typename\":\"RteThemeSettings\"},\"tags\":{\"bgColor\":\"var(--lia-bs-gray-200)\",\"bgHoverColor\":\"var(--lia-bs-gray-400)\",\"borderRadius\":\"var(--lia-bs-border-radius-sm)\",\"color\":\"var(--lia-bs-body-color)\",\"hoverColor\":\"var(--lia-bs-body-color)\",\"fontWeight\":\"var(--lia-font-weight-md)\",\"fontSize\":\"var(--lia-font-size-xxs)\",\"textTransform\":\"UPPERCASE\",\"letterSpacing\":\"0.5px\",\"__typename\":\"TagsThemeSettings\"},\"toasts\":\r\n{\"borderRadius\":\"var(--lia-bs-border-radius)\",\"paddingX\":\"12px\",\"__typename\":\"ToastsThemeSettings\"},\"typography\":\r\n{\"fontFamilyBase\":\"Segoe\r\nUI\",\"fontStyleBase\":\"NORMAL\",\"fontWeightBase\":\"400\",\"fontWeightLight\":\"300\",\"fontWeightNormal\":\"400\",\"fontWeightMd\":\"500\",\"fontWeightBold\r\n[{\"source\":\"SERVER\",\"name\":\"Segoe UI\",\"styles\":[{\"style\":\"NORMAL\",\"weight\":\"400\",\"__typename\":\"FontStyleData\"},\r\n{\"style\":\"NORMAL\",\"weight\":\"300\",\"__typename\":\"FontStyleData\"},\r\n{\"style\":\"NORMAL\",\"weight\":\"600\",\"__typename\":\"FontStyleData\"},\r\n{\"style\":\"NORMAL\",\"weight\":\"700\",\"__typename\":\"FontStyleData\"},\r\n{\"style\":\"ITALIC\",\"weight\":\"400\",\"__typename\":\"FontStyleData\"}],\"assetNames\":[\"SegoeUI-normal-https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 30 of 44\n\n400.woff2\",\"SegoeUI-normal-300.woff2\",\"SegoeUI-normal-600.woff2\",\"SegoeUI-normal-700.woff2\",\"SegoeUI-italic-400.woff2\"],\"__typename\":\"CustomFont\"},{\"source\":\"SERVER\",\"name\":\"MWF Fluent Icons\",\"styles\":\r\n[{\"style\":\"NORMAL\",\"weight\":\"400\",\"__typename\":\"FontStyleData\"}],\"assetNames\":[\"MWFFluentIcons-normal-400.woff2\"],\"__typename\":\"CustomFont\"}],\"__typename\":\"TypographyThemeSettings\"},\"unstyledListItem\":\r\n{\"marginBottomSm\":\"5px\",\"marginBottomMd\":\"10px\",\"marginBottomLg\":\"15px\",\"marginBottomXl\":\"20px\",\"marginBottomXxl\":\"25px\",\"__typename\"\r\n{\"light\":\"#ffffff\",\"dark\":\"#000000\",\"__typename\":\"YiqThemeSettings\"},\"colorLightness\":\r\n{\"primaryDark\":0.36,\"primaryLight\":0.74,\"primaryLighter\":0.89,\"primaryLightest\":0.95,\"infoDark\":0.39,\"infoLight\":0.72,\"infoLighter\":0.85,\"infoLighte\r\nshared/client/components/common/Loading/LoadingDot-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/common/Loading/LoadingDot-1775111750899\",\"value\":\r\n{\"title\":\"Loading...\"},\"localOverride\":false},\"CachedAsset:quilt:o365.prod:pages/blogs/BlogMessagePage:board:MicrosoftSecurityExperts-1775111749122\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"quilt:o365.prod:pages/blogs/BlogMessagePage:board:MicrosoftSecurityExperts-1775111749122\",\"value\":{\"id\":\"BlogMessagePage\",\"container\":{\"id\":\"Common\",\"headerProps\":\r\n{\"backgroundImageProps\":null,\"backgroundColor\":null,\"addComponents\":null,\"removeComponents\":\r\n[\"community.widget.bannerWidget\"],\"componentOrder\":null,\"__typename\":\"QuiltContainerSectionProps\"},\"headerComponentProps\":\r\n{\"community.widget.breadcrumbWidget\":\r\n{\"disableLastCrumbForDesktop\":false}},\"footerProps\":null,\"footerComponentProps\":null,\"items\":[{\"id\":\"blog-article\",\"layout\":\"ONE_COLUMN\",\"bgColor\":null,\"showTitle\":null,\"showDescription\":null,\"textPosition\":null,\"textColor\":null,\"sectionEditLevel\":\"LOC\r\n{\"main\":[{\"id\":\"blogs.widget.blogArticleWidget\",\"className\":\"lia-blog-container\",\"props\":null,\"__typename\":\"QuiltComponent\"}],\"__typename\":\"OneSectionColumns\"}},{\"id\":\"section-1729184836777\",\"layout\":\"MAIN_SIDE\",\"bgColor\":\"transparent\",\"showTitle\":false,\"showDescription\":false,\"textPosition\":\"CENTER\",\"textColor\":\"var\r\n-lia-bs-body-color)\",\"sectionEditLevel\":null,\"bgImage\":null,\"disableSpacing\":null,\"edgeToEdgeDisplay\":null,\"fullHeight\":null,\"showBorder\":null,\"__typename\":\"Ma\r\n{\"main\":[],\"side\":[{\"id\":\"custom.widget.UnregisteredCTAWidget\",\"className\":null,\"props\":\r\n{\"widgetVisibility\":\"anonymousOnly\",\"useTitle\":true,\"useBackground\":false,\"title\":\"\",\"lazyLoad\":false,\"widgetChooser\":\"custom.widget.UnregisteredCT\r\ncomponents/common/EmailVerification-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/common/EmailVerification-1775111750899\",\"value\":{\"email.verification.title\":\"Email Verification\r\nRequired\",\"email.verification.message.update.email\":\"To participate in the community, you must first verify your email\r\naddress. The verification email was sent to {email}. To change your email, visit My\r\nSettings.\",\"email.verification.message.resend.email\":\"To participate in the community, you must first verify your email\r\naddress. The verification email was sent to {email}. Resend email.\"},\"localOverride\":false},\"CachedAsset:text:en_US-pages/blogs/BlogMessagePage-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-pages/blogs/BlogMessagePage-1775111750899\",\"value\":{\"title\":\"{contextMessageSubject} |\r\n{communityTitle}\",\"errorMissing\":\"This blog post cannot be found\",\"name\":\"Blog Message Page\",\"section.blog-article.title\":\"Blog Post\",\"archivedMessageTitle\":\"This Content Has Been Archived\",\"section.section-1729184836777.title\":\"\",\"section.section-1729184836777.description\":\"\",\"section.CncIde.title\":\"Blog\r\nPost\",\"section.tifEmD.description\":\"\",\"section.tifEmD.title\":\"\"},\"localOverride\":false},\"CachedAsset:quiltWrapper:o365.prod:Common:1775111735077\"\r\n{\"__typename\":\"CachedAsset\",\"id\":\"quiltWrapper:o365.prod:Common:1775111735077\",\"value\":\r\n{\"id\":\"Common\",\"header\":{\"backgroundImageProps\":\r\n{\"assetName\":null,\"backgroundSize\":\"COVER\",\"backgroundRepeat\":\"NO_REPEAT\",\"backgroundPosition\":\"CENTER_CENTER\",\"lastModified\":null,\"\r\n[{\"id\":\"community.widget.navbarWidget\",\"props\":\r\n{\"showUserName\":true,\"showRegisterLink\":true,\"useIconLanguagePicker\":true,\"useLabelLanguagePicker\":true,\"style\":\r\n{\"boxShadow\":\"var(--lia-bs-box-shadow-sm)\",\"linkFontWeight\":\"400\",\"controllerHighlightColor\":\"hsla(30, 100%,\r\n50%)\",\"dropdownDividerMarginBottom\":\"10px\",\"hamburgerBorderHover\":\"none\",\"linkFontSize\":\"14px\",\"linkBoxShadowHover\":\"none\",\"backgroundO\r\n-lia-border-radius-50)\",\"hamburgerBgColor\":\"transparent\",\"linkTextBorderBottom\":\"none\",\"hamburgerColor\":\"var(--lia-nav-controller-icon-color)\",\"brandLogoHeight\":\"30px\",\"linkLetterSpacing\":\"normal\",\"linkBgHoverColor\":\"transparent\",\"collapseMenuDividerOpacity\":0.16,\"paddingBottom\r\nsolid var(--lia-bs-border-color)\",\"hamburgerBorder\":\"none\",\"dropdownPaddingX\":\"10px\",\"brandMarginRightSm\":\"10px\",\"linkBoxShadow\":\"none\",\"linkJustifyContent\":\"flex-start\",\"linkColor\":\"var(--lia-bs-body-color)\",\"collapseMenuDividerBg\":\"var(--lia-nav-link-color)\",\"dropdownPaddingTop\":\"10px\",\"controllerTextColor\":\"var(--lia-nav-controller-icon-color)\",\"controllerHighlightTextColor\":\"var(--lia-yiq-dark)\",\"background\":{\"imageAssetName\":\"\",\"color\":\"var(--lia-bs-white)\",\"size\":\"COVER\",\"repeat\":\"NO_REPEAT\",\"position\":\"CENTER_CENTER\",\"imageLastModified\":\"\"},\"linkBorderRadius\":\"var(-\r\n-lia-bs-border-radius-sm)\",\"linkHoverColor\":\"var(--lia-bs-body-color)\",\"position\":\"FIXED\",\"linkBorder\":\"none\",\"linkTextBorderBottomHover\":\"2px solid var(--lia-bs-primary)\",\"brandMarginRight\":\"30px\",\"hamburgerHoverColor\":\"var(--lia-nav-controller-icon-color)\",\"linkBorderHover\":\"none\",\"collapseMenuMarginLeft\":\"20px\",\"linkFontStyle\":\"NORMAL\",\"linkPaddingX\":\"10px\",\"controllerTextHoverColor\":\r\n-lia-nav-controller-icon-hover-color)\",\"paddingTop\":\"15px\",\"linkPaddingY\":\"5px\",\"linkTextTransform\":\"NONE\",\"dropdownBorderColor\":\"hsla(var(--lia-bs-black-h), var(--lia-bs-black-s), var(--lia-bs-black-l), 0.08)\",\"controllerBgHoverColor\":\"hsla(var(--lia-bs-black-h), var(--\r\nlia-bs-black-s), var(--lia-bs-black-l), 0.1)\",\"linkDropdownPaddingX\":\"var(--lia-nav-link-px)\",\"linkBgColor\":\"transparent\",\"linkDropdownPaddingY\":\"9px\",\"controllerIconColor\":\"var(--lia-bs-body-color)\",\"dropdownDividerMarginTop\":\"10px\",\"linkGap\":\"10px\",\"controllerIconHoverColor\":\"var(--lia-bs-body-https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 31 of 44\n\ncolor)\"},\"links\":{\"sideLinks\":[],\"logoLinks\":[],\"mainLinks\":[{\"children\":\r\n[],\"linkType\":\"INTERNAL\",\"id\":\"gxcuf89792\",\"params\":{},\"routeName\":\"CommunityPage\"},{\"children\":\r\n[],\"linkType\":\"EXTERNAL\",\"id\":\"community-hub-link\",\"url\":\"/Directory\",\"target\":\"SELF\"},{\"children\":\r\n[{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoft365-link\",\"params\":\r\n{\"categoryId\":\"microsoft365\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-windows-link\",\"params\":{\"categoryId\":\"Windows\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoft-security-link\",\"params\":{\"categoryId\":\"microsoft-security\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoft-teams-link\",\"params\":\r\n{\"categoryId\":\"MicrosoftTeams\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-azure-link\",\"params\":{\"categoryId\":\"Azure\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-content_management-link\",\"params\":{\"categoryId\":\"Content_Management\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoftintune-link\",\"params\":\r\n{\"categoryId\":\"microsoftintune\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-exchange-link\",\"params\":{\"categoryId\":\"Exchange\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-windows-server-link\",\"params\":{\"categoryId\":\"Windows-Server\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-outlook-link\",\"params\":\r\n{\"categoryId\":\"Outlook\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoft365-copilot-link\",\"params\":{\"categoryId\":\"Microsoft365Copilot\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"EXTERNAL\",\"id\":\"Common_Enntvz-view-all-products-link\",\"url\":\"/Directory\",\"target\":\"SELF\"}],\"linkType\":\"EXTERNAL\",\"id\":\"products-link\",\"url\":\"/\",\"target\":\"SELF\"},\r\n{\"children\":[{\"linkType\":\"INTERNAL\",\"id\":\"Common-education-sector-link\",\"params\":\r\n{\"categoryId\":\"EducationSector\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-partner-community-link\",\"params\":{\"categoryId\":\"PartnerCommunity\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-healthcare-and-life-sciences-link\",\"params\":\r\n{\"categoryId\":\"HealthcareAndLifeSciences\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-i-t-ops-talk-link\",\"params\":{\"categoryId\":\"ITOpsTalk\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-public-sector-link\",\"params\":\r\n{\"categoryId\":\"PublicSector\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoftfor-nonprofits-link\",\"params\":{\"categoryId\":\"MicrosoftforNonprofits\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-io-t-link\",\"params\":{\"categoryId\":\"IoT\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-mvp-link\",\"params\":{\"categoryId\":\"mvp\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoft-mechanics-link\",\"params\":\r\n{\"categoryId\":\"MicrosoftMechanics\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-driving-adoption-link\",\"params\":{\"categoryId\":\"DrivingAdoption\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoft-learn-for-educators-link\",\"params\":{\"categoryId\":\"microsoft-learn-for-educators\"},\"routeName\":\"CategoryPage\"}],\"linkType\":\"EXTERNAL\",\"id\":\"topics-link\",\"url\":\"/\",\"target\":\"SELF\"},\r\n{\"children\":[],\"linkType\":\"EXTERNAL\",\"id\":\"all-blogs-link\",\"url\":\"/Blogs\",\"target\":\"SELF\"},{\"children\":\r\n[],\"linkType\":\"EXTERNAL\",\"id\":\"all-events-link\",\"url\":\"/Events\",\"target\":\"SELF\"},{\"children\":\r\n[{\"linkType\":\"INTERNAL\",\"id\":\"Skills-Hub-link\",\"params\":{\"categoryId\":\"skills-hub\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Skills-Hub-Blog\",\"params\":{\"boardId\":\"skills-hub-blog\",\"categoryId\":\"skills-hub\"},\"routeName\":\"BlogBoardPage\"},{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-LD\",\"url\":\"/category/skills-hub?\r\ntab=grouphub\",\"target\":\"BLANK\"},{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-dynamics\",\"url\":\"https://docs.microsoft.com/learn/dynamics365/?WT.mc_id=techcom_header-webpage-m365\",\"target\":\"BLANK\"},{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-m365\",\"url\":\"https://docs.microsoft.com/learn/m365/?wt.mc_id=techcom_header-webpage-m365\",\"target\":\"BLANK\"},\r\n{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-security\",\"url\":\"https://docs.microsoft.com/learn/topics/sci/?\r\nwt.mc_id=techcom_header-webpage-m365\",\"target\":\"BLANK\"},{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-pp\",\"url\":\"https://docs.microsoft.com/learn/powerplatform/?wt.mc_id=techcom_header-webpage-powerplatform\",\"target\":\"BLANK\"},{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-github\",\"url\":\"https://docs.microsoft.com/learn/github/?wt.mc_id=techcom_header-webpage-github\",\"target\":\"BLANK\"},\r\n{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-teams\",\"url\":\"https://docs.microsoft.com/learn/teams/?\r\nwt.mc_id=techcom_header-webpage-teams\",\"target\":\"BLANK\"},{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-net\",\"url\":\"https://docs.microsoft.com/learn/dotnet/?wt.mc_id=techcom_header-webpage-dotnet\",\"target\":\"BLANK\"},\r\n{\"linkType\":\"EXTERNAL\",\"id\":\"ms-learn-ext-azure\",\"url\":\"https://docs.microsoft.com/learn/azure/?\r\nWT.mc_id=techcom_header-webpage-m365\",\"target\":\"BLANK\"}],\"linkType\":\"INTERNAL\",\"id\":\"Skills-Hub\",\"params\":\r\n{\"categoryId\":\"skills-hub\"},\"routeName\":\"CategoryPage\"},{\"children\":[{\"linkType\":\"INTERNAL\",\"id\":\"Common-community-info-center-link\",\"params\":{\"categoryId\":\"Community-Info-Center\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-usergroups-link\",\"params\":\r\n{\"categoryId\":\"usergroups\"},\"routeName\":\"CategoryPage\"},{\"linkType\":\"INTERNAL\",\"id\":\"Common-community-news-desk-link\",\"params\":{\"categoryId\":\"CommunityNewsDesk\"},\"routeName\":\"CategoryPage\"},\r\n{\"linkType\":\"INTERNAL\",\"id\":\"Common-microsoft-global-community-initiative-link\",\"params\":{\"categoryId\":\"microsoft-global-community-initiative\"},\"routeName\":\"CategoryPage\"}],\"linkType\":\"INTERNAL\",\"id\":\"Common-gxcuf89792-\r\ncommunity\",\"params\":\r\n{},\"routeName\":\"CommunityPage\"}]},\"showSearchIcon\":true,\"languagePickerStyle\":\"iconAndLabel\"},\"__typename\":\"QuiltComponent\"},\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 32 of 44\n\n{\"id\":\"community.widget.breadcrumbWidget\",\"props\":{\"backgroundColor\":\"transparent\",\"linkHighlightColor\":\"var(--lia-bs-primary)\",\"visualEffects\":{\"showBottomBorder\":true},\"linkTextColor\":\"var(--lia-bs-gray-700)\"},\"__typename\":\"QuiltComponent\"},{\"id\":\"custom.widget.CommunityBanner\",\"props\":\r\n{\"widgetVisibility\":\"signedInOrAnonymous\",\"useTitle\":true,\"usePageWidth\":false,\"useBackground\":false,\"title\":\"\",\"lazyLoad\":false},\"__typename\":\"Qu\r\n{\"id\":\"custom.widget.ChatbotWidget\",\"props\":\r\n{\"customComponentId\":\"custom.widget.ChatbotWidget\",\"cDisplay_form\":true,\"useBackground\":false},\"__typename\":\"QuiltComponent\"},\r\n{\"id\":\"custom.widget.HeroBanner\",\"props\":\r\n{\"widgetVisibility\":\"signedInOrAnonymous\",\"usePageWidth\":false,\"useTitle\":true,\"cMax_items\":3,\"useBackground\":false,\"title\":\"\",\"lazyLoad\":false,\"w\r\n{\"backgroundImageProps\":\r\n{\"assetName\":null,\"backgroundSize\":\"COVER\",\"backgroundRepeat\":\"NO_REPEAT\",\"backgroundPosition\":\"CENTER_CENTER\",\"lastModified\":null,\"\r\n[{\"id\":\"custom.widget.SocialSharing\",\"props\":\r\n{\"widgetVisibility\":\"signedInOrAnonymous\",\"useTitle\":true,\"useBackground\":false,\"title\":\"\",\"lazyLoad\":false},\"__typename\":\"QuiltComponent\"},\r\n{\"id\":\"custom.widget.MicrosoftFooter\",\"props\":\r\n{\"widgetVisibility\":\"signedInOrAnonymous\",\"useTitle\":true,\"useBackground\":false,\"title\":\"\",\"lazyLoad\":false},\"__typename\":\"QuiltComponent\"}],\"__ty\r\ncomponents/common/ActionFeedback-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/common/ActionFeedback-1775111750899\",\"value\":\r\n{\"joinedGroupHub.title\":\"Welcome\",\"joinedGroupHub.message\":\"You are now a member of this group and are subscribed\r\nto updates.\",\"groupHubInviteNotFound.title\":\"Invitation Not Found\",\"groupHubInviteNotFound.message\":\"Sorry, we could\r\nnot find your invitation to the group. The owner may have canceled the invite.\",\"groupHubNotFound.title\":\"Group Not\r\nFound\",\"groupHubNotFound.message\":\"The grouphub you tried to join does not exist. It may have been\r\ndeleted.\",\"existingGroupHubMember.title\":\"Already Joined\",\"existingGroupHubMember.message\":\"You are already a\r\nmember of this group.\",\"accountLocked.title\":\"Account Locked\",\"accountLocked.message\":\"Your account has been locked\r\ndue to multiple failed attempts. Try again in {lockoutTime} minutes.\",\"editedGroupHub.title\":\"Changes\r\nSaved\",\"editedGroupHub.message\":\"Your group has been\r\nupdated.\",\"leftGroupHub.title\":\"Goodbye\",\"leftGroupHub.message\":\"You are no longer a member of this group and will not\r\nreceive future updates.\",\"deletedGroupHub.title\":\"Deleted\",\"deletedGroupHub.message\":\"The group has been\r\ndeleted.\",\"groupHubCreated.title\":\"Group Created\",\"groupHubCreated.message\":\"{groupHubName} is ready to\r\nuse\",\"accountClosed.title\":\"Account Closed\",\"accountClosed.message\":\"The account has been closed and you will now be\r\nredirected to the homepage\",\"resetTokenExpired.title\":\"Reset Password Link has\r\nExpired\",\"resetTokenExpired.message\":\"Try resetting your password again\",\"invalidUrl.title\":\"Invalid\r\nURL\",\"invalidUrl.message\":\"The URL you're using is not recognized. Verify your URL and try\r\nagain.\",\"accountClosedForUser.title\":\"Account Closed\",\"accountClosedForUser.message\":\"{userName}'s account is\r\nclosed\",\"inviteTokenInvalid.title\":\"Invitation Invalid\",\"inviteTokenInvalid.message\":\"Your invitation to the community has\r\nbeen canceled or expired.\",\"inviteTokenError.title\":\"Invitation Verification Failed\",\"inviteTokenError.message\":\"The url you\r\nare utilizing is not recognized. Verify your URL and try again\",\"pageNotFound.title\":\"Access\r\nDenied\",\"pageNotFound.message\":\"You do not have access to this area of the community or it doesn't\r\nexist\",\"eventAttending.title\":\"Responded as Attending\",\"eventAttending.message\":\"You'll be notified when there's new\r\nactivity and reminded as the event approaches\",\"eventInterested.title\":\"Responded as\r\nInterested\",\"eventInterested.message\":\"You'll be notified when there's new activity and reminded as the event\r\napproaches\",\"eventNotFound.title\":\"Event Not Found\",\"eventNotFound.message\":\"The event you tried to respond to does\r\nnot exist.\",\"redirectToRelatedPage.title\":\"Showing Related Content\",\"redirectToRelatedPageForBaseUsers.title\":\"Showing\r\nRelated Content\",\"redirectToRelatedPageForBaseUsers.message\":\"The content you are trying to access is\r\narchived\",\"redirectToRelatedPage.message\":\"The content you are trying to access is\r\narchived\",\"relatedUrl.archivalLink.flyoutMessage\":\"The content you are trying to access is archived View Archived\r\nContent\"},\"localOverride\":false},\"CachedAsset:component:custom.widget.CommunityBanner-en-us-1775107888865\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"component:custom.widget.CommunityBanner-en-us-1775107888865\",\"value\":\r\n{\"component\":{\"id\":\"custom.widget.CommunityBanner\",\"template\":\r\n{\"id\":\"CommunityBanner\",\"markupLanguage\":\"REACT\",\"style\":null,\"texts\":null,\"defaults\":{\"config\":{\"applicablePages\":\r\n[],\"description\":null,\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"components\":\r\n[{\"id\":\"custom.widget.CommunityBanner\",\"form\":null,\"config\":null,\"props\":\r\n[],\"__typename\":\"Component\"}],\"grouping\":\"CUSTOM\",\"__typename\":\"ComponentTemplate\"},\"properties\":{\"config\":\r\n{\"applicablePages\":[],\"description\":null,\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"form\":null,\"__typename\":\"Component\",\"localOverride\":false},\"globalCss\":null,\"form\":null},\"localOverride\":\r\nen-us-1775107888865\":{\"__typename\":\"CachedAsset\",\"id\":\"component:custom.widget.ChatbotWidget-en-us-1775107888865\",\"value\":{\"component\":{\"id\":\"custom.widget.ChatbotWidget\",\"template\":\r\n{\"id\":\"ChatbotWidget\",\"markupLanguage\":\"REACT\",\"style\":null,\"texts\":{\"chatbot.references.title\":\"Related\r\nArticles\",\"chatbot.welcome.title\":\"Welcome!\",\"chatbot.welcome.description\":\"I'm here to help you explore and discover\r\ngreat content.\",\"chatbot.welcome.prompt\":\"Ask me a question or choose a suggestion below to get\r\nstarted:\",\"chatbot.welcome.cta\":\"Let's dive in—what would you like to discover today?\",\"chatbot.status.typing\":\"Assistant\r\nis typing…\",\"chatbot.status.error\":\"error\",\"chatbot.error.response\":\"Failed to get response. Please try\r\nagain.\",\"chatbot.error.processing\":\"There was an error processing your message.\",\"chatbot.error.configuration\":\"API URL\r\nnot configured\",\"chatbot.error.network\":\"Network error occurred. Please check your connection and try\r\nagain.\",\"chatbot.error.timeout\":\"Request timed out. Please try again.\",\"chatbot.error.emptyResponse\":\"I couldn't generate a\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 33 of 44\n\nresponse. Please try rephrasing your question.\",\"chatbot.buttons.send\":\"Send\",\"chatbot.buttons.close\":\"Close\r\nchat\",\"chatbot.buttons.newChat\":\"Start new chat\",\"chatbot.buttons.collapse\":\"Collapse chat\r\npanel\",\"chatbot.buttons.expand\":\"Expand chat panel\",\"chatbot.buttons.fullscreen\":\"Enter\r\nfullscreen\",\"chatbot.buttons.exitFullscreen\":\"Exit fullscreen\",\"chatbot.buttons.like\":\"Like this\r\nresponse\",\"chatbot.buttons.dislike\":\"Dislike this response\",\"chatbot.buttons.removeLike\":\"Remove\r\nlike\",\"chatbot.buttons.removeDislike\":\"Remove dislike\",\"chatbot.aria.chatInput\":\"Chat\r\ninput\",\"chatbot.aria.sendMessage\":\"Send message\",\"chatbot.aria.openChat\":\"Open chat\r\nassistant\",\"chatbot.aria.closeChat\":\"Close chat assistant\",\"chatbot.defaults.title\":\"Ask Tech\r\nCommunity\",\"chatbot.defaults.subtitle\":\"Ask questions – get answers\",\"chatbot.defaults.entryHeading\":\"Find\r\nanswers\",\"chatbot.defaults.entrySubtext\":\"Ask the agent\",\"chatbot.defaults.placeholder\":\"Type your\r\nmessage…\",\"chatbot.defaults.initialMessage\":\"Hi! I'm your assistant. Ask me something or pick a suggestion above to\r\nbegin.\",\"chatbot.suggestions.findBlogs\":\"Find insightful blogs\",\"chatbot.suggestions.exploreEvents\":\"Explore upcoming\r\nevents\",\"chatbot.suggestions.startJourney\":\"Start your journey with something new\",\"chatbot.dialog.endConversation\":\"End\r\nconversation\",\"chatbot.dialog.confirmEndConversation\":\"Do you want to end this conversation and start\r\nover?\",\"chatbot.dialog.endConversationButton\":\"End\r\nconversation\",\"chatbot.dialog.cancel\":\"Cancel\",\"chatbot.error.genericServiceUnavailable\":\"The service is currently\r\nunavailable. Please try again later.\",\"chatbot.error.noResults\":\"We could not find any information related to your query. Try\r\nrephrasing your query.\"},\"defaults\":{\"config\":{\"applicablePages\":\r\n[],\"description\":null,\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"components\":\r\n[{\"id\":\"custom.widget.ChatbotWidget\",\"form\":null,\"config\":null,\"props\":\r\n[],\"__typename\":\"Component\"}],\"grouping\":\"CUSTOM\",\"__typename\":\"ComponentTemplate\"},\"properties\":{\"config\":\r\n{\"applicablePages\":[],\"description\":null,\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"form\":null,\"__typename\":\"Component\",\"localOverride\":false},\"globalCss\":null,\"form\":null},\"localOverride\":\r\nen-us-1775107888865\":{\"__typename\":\"CachedAsset\",\"id\":\"component:custom.widget.HeroBanner-en-us-1775107888865\",\"value\":{\"component\":{\"id\":\"custom.widget.HeroBanner\",\"template\":\r\n{\"id\":\"HeroBanner\",\"markupLanguage\":\"REACT\",\"style\":null,\"texts\":{\"searchPlaceholderText\":\"Search this\r\ncommunity\",\"followActionText\":\"Follow\",\"unfollowActionText\":\"Following\",\"searchOnHoverText\":\"Please enter your\r\nsearch term(s) and then press return key to complete a search.\",\"blogs.sidebar.pagetitle\":\"Latest Blogs | Microsoft Tech\r\nCommunity\",\"followThisNode\":\"Follow this node\",\"unfollowThisNode\":\"Unfollow this\r\nnode\",\"customField.teamsLink.title\":\"Microsoft teams link\",\"customField.teamsLink.label\":\"Teams meeting\r\nurl\"},\"defaults\":{\"config\":{\"applicablePages\":\r\n[],\"description\":null,\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[{\"id\":\"max_items\",\"dataType\":\"NUMBER\",\"list\":false,\"defaultValue\":\"3\",\"label\":\"Max Items\",\"description\":\"The\r\nmaximum number of items to display in the\r\ncarousel\",\"possibleValues\":null,\"control\":\"INPUT\",\"__typename\":\"PropDefinition\"}],\"__typename\":\"ComponentProperties\"},\"components\":\r\n[{\"id\":\"custom.widget.HeroBanner\",\"form\":{\"fields\":\r\n[{\"id\":\"widgetChooser\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\r\n{\"id\":\"title\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":null,\"possi\r\n{\"id\":\"useTitle\",\"validation\":null,\"noValidation\":null,\"dataType\":\"BOOLEAN\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":nul\r\n{\"id\":\"useBackground\",\"validation\":null,\"noValidation\":null,\"dataType\":\"BOOLEAN\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"descripti\r\n{\"id\":\"widgetVisibility\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\r\n{\"id\":\"moreOptions\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":n\r\n{\"id\":\"cMax_items\",\"validation\":null,\"noValidation\":null,\"dataType\":\"NUMBER\",\"list\":false,\"control\":\"INPUT\",\"defaultValue\":\"3\",\"label\":\"Max\r\nItems\",\"description\":\"The maximum number of items to display in the\r\ncarousel\",\"possibleValues\":null,\"__typename\":\"FormField\"}],\"layout\":{\"rows\":\r\n[{\"id\":\"widgetChooserGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"widgetChooser\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":\r\n{\"id\":\"titleGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":[{\"id\":\"title\",\"className\":null,\"__typename\":\"FormFieldRef\"},\r\n{\"id\":\"useTitle\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":null,\"to\r\n{\"id\":\"useBackground\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"useBackground\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\"\r\n{\"id\":\"widgetVisibility\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"widgetVisibility\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\"\r\n{\"id\":\"moreOptionsGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"moreOptions\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":nu\r\n{\"id\":\"componentPropsGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"cMax_items\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":nu\r\n[],\"__typename\":\"Component\"}],\"grouping\":\"CUSTOM\",\"__typename\":\"ComponentTemplate\"},\"properties\":{\"config\":\r\n{\"applicablePages\":[],\"description\":null,\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[{\"id\":\"max_items\",\"dataType\":\"NUMBER\",\"list\":false,\"defaultValue\":\"3\",\"label\":\"Max Items\",\"description\":\"The\r\nmaximum number of items to display in the\r\ncarousel\",\"possibleValues\":null,\"control\":\"INPUT\",\"__typename\":\"PropDefinition\"}],\"__typename\":\"ComponentProperties\"},\"form\":\r\n{\"fields\":\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 34 of 44\n\n[{\"id\":\"widgetChooser\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\r\n{\"id\":\"title\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":null,\"possi\r\n{\"id\":\"useTitle\",\"validation\":null,\"noValidation\":null,\"dataType\":\"BOOLEAN\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":nul\r\n{\"id\":\"useBackground\",\"validation\":null,\"noValidation\":null,\"dataType\":\"BOOLEAN\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"descripti\r\n{\"id\":\"widgetVisibility\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\r\n{\"id\":\"moreOptions\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":n\r\n{\"id\":\"cMax_items\",\"validation\":null,\"noValidation\":null,\"dataType\":\"NUMBER\",\"list\":false,\"control\":\"INPUT\",\"defaultValue\":\"3\",\"label\":\"Max\r\nItems\",\"description\":\"The maximum number of items to display in the\r\ncarousel\",\"possibleValues\":null,\"__typename\":\"FormField\"}],\"layout\":{\"rows\":\r\n[{\"id\":\"widgetChooserGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"widgetChooser\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":\r\n{\"id\":\"titleGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":[{\"id\":\"title\",\"className\":null,\"__typename\":\"FormFieldRef\"},\r\n{\"id\":\"useTitle\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":null,\"to\r\n{\"id\":\"useBackground\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"useBackground\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\"\r\n{\"id\":\"widgetVisibility\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"widgetVisibility\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\"\r\n{\"id\":\"moreOptionsGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"moreOptions\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":nu\r\n{\"id\":\"componentPropsGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"cMax_items\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":nu\r\n{\"fields\":\r\n[{\"id\":\"widgetChooser\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\r\n{\"id\":\"title\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":null,\"possi\r\n{\"id\":\"useTitle\",\"validation\":null,\"noValidation\":null,\"dataType\":\"BOOLEAN\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":nul\r\n{\"id\":\"useBackground\",\"validation\":null,\"noValidation\":null,\"dataType\":\"BOOLEAN\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"descripti\r\n{\"id\":\"widgetVisibility\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\r\n{\"id\":\"moreOptions\",\"validation\":null,\"noValidation\":null,\"dataType\":\"STRING\",\"list\":null,\"control\":null,\"defaultValue\":null,\"label\":null,\"description\":n\r\n{\"id\":\"cMax_items\",\"validation\":null,\"noValidation\":null,\"dataType\":\"NUMBER\",\"list\":false,\"control\":\"INPUT\",\"defaultValue\":\"3\",\"label\":\"Max\r\nItems\",\"description\":\"The maximum number of items to display in the\r\ncarousel\",\"possibleValues\":null,\"__typename\":\"FormField\"}],\"layout\":{\"rows\":\r\n[{\"id\":\"widgetChooserGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"widgetChooser\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":\r\n{\"id\":\"titleGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":[{\"id\":\"title\",\"className\":null,\"__typename\":\"FormFieldRef\"},\r\n{\"id\":\"useTitle\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":null,\"to\r\n{\"id\":\"useBackground\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"useBackground\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\"\r\n{\"id\":\"widgetVisibility\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"widgetVisibility\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\"\r\n{\"id\":\"moreOptionsGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"moreOptions\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":nu\r\n{\"id\":\"componentPropsGroup\",\"type\":\"fieldset\",\"as\":null,\"items\":\r\n[{\"id\":\"cMax_items\",\"className\":null,\"__typename\":\"FormFieldRef\"}],\"props\":null,\"legend\":null,\"description\":null,\"className\":null,\"viewVariant\":nu\r\nen-us-1775107888865\":{\"__typename\":\"CachedAsset\",\"id\":\"component:custom.widget.UnregisteredCTAWidget-en-us-1775107888865\",\"value\":{\"component\":{\"id\":\"custom.widget.UnregisteredCTAWidget\",\"template\":\r\n{\"id\":\"UnregisteredCTAWidget\",\"markupLanguage\":\"REACT\",\"style\":null,\"texts\":{\"register.communityHub\":\"Welcome to\r\nthe {name} Community Hub. Sign in to like, participate, or start a conversation.\",\"register.category\":\"Welcome to the\r\n{name} Community Hub. Sign in to like, participate, or start a conversation.\",\"register.discussionBoard\":\"Welcome to the\r\n{name} space. Sign in to like, reply, or start a discussion.\",\"register.blogSpace\":\"Welcome to the {name} space. Sign in to\r\nlike or comment on articles in this space.\",\"register.eventSpace\":\"Welcome to the {name} space. Sign in to RSVP, add\r\nevents to your calendar, and join the conversation.\",\"register.ideaSpace\":\"Welcome to the {name} space. Sign in to vote,\r\ncomment, or submit your own feedback.\",\"buttonRegister\":\"Sign in\",\"register.discussionBoardArticle\":\"Have a question or\r\ninsight to share? Sign in to join the discussion.\",\"register.blogSpaceArticle\":\"Enjoying the article? Sign in to share your\r\nthoughts.\",\"register.eventSpaceArticle\":\"Don’t just watch - take part. Sign in to RSVP, ask questions, and join the\r\ndiscussion.\",\"register.ideaSpaceArticle\":\"Sign in to submit ideas, upvote ideas, and join the conversation.\"},\"defaults\":\r\n{\"config\":{\"applicablePages\":\r\n[],\"description\":null,\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"components\":\r\n[{\"id\":\"custom.widget.UnregisteredCTAWidget\",\"form\":null,\"config\":null,\"props\":\r\n[],\"__typename\":\"Component\"}],\"grouping\":\"CUSTOM\",\"__typename\":\"ComponentTemplate\"},\"properties\":{\"config\":\r\n{\"applicablePages\":[],\"description\":null,\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"form\":null,\"__typename\":\"Component\",\"localOverride\":false},\"globalCss\":null,\"form\":null},\"localOverride\":\r\nen-us-1775107888865\":{\"__typename\":\"CachedAsset\",\"id\":\"component:custom.widget.SocialSharing-en-us-1775107888865\",\"value\":{\"component\":{\"id\":\"custom.widget.SocialSharing\",\"template\":\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 35 of 44\n\n{\"id\":\"SocialSharing\",\"markupLanguage\":\"HANDLEBARS\",\"style\":\".sharePage {\\n display: flex;\\n justify-content:\r\ncenter;\\n background: #d7d7d7;\\n padding: 0px;\\n height: 60px;\\n}\\n.singleSocialIcons {\\n display: flex;\\n gap: 12px;\\n list-style-type: none;\\n padding: 0px;\\n margin: 0;\\n}\\n.containers {\\n display: flex;\\n gap: 30px;\\n}\\n\\n.listIcon {\\n align-content: center;\\n}\\n.headingShare {\\n display: inline;\\n margin-right: 25px;\\n margin-bottom: 0px;\\n font-size: 20px;\\n\r\nfont-weight: 550;\\n align-content: center;\\n}\\n\\n@media (max-width: 990px) {\\n .sharePage {\\n display: flex;\\n justify-content: center;\\n }\\n\\n .containers {\\n display: inline-block;\\n justify-content: center;\\n align-content: center;\\n align-items:\r\ncenter;\\n }\\n .headingShare {\\n display: flex;\\n justify-content: center;\\n }\\n .singleSocialIcons {\\n\r\n}\\n}\\n\",\"texts\":null,\"defaults\":{\"config\":{\"applicablePages\":[],\"description\":\"Adds buttons to share to various social media\r\nwebsites\",\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"components\":\r\n[{\"id\":\"custom.widget.SocialSharing\",\"form\":null,\"config\":null,\"props\":\r\n[],\"__typename\":\"Component\"}],\"grouping\":\"CUSTOM\",\"__typename\":\"ComponentTemplate\"},\"properties\":{\"config\":\r\n{\"applicablePages\":[],\"description\":\"Adds buttons to share to various social media\r\nwebsites\",\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"form\":null,\"__typename\":\"Component\",\"localOverride\":false},\"globalCss\":\r\n{\"css\":\".custom_widget_SocialSharing_sharePage_6x3n8_1 {\\n display: flex;\\n justify-content: center;\\n background:\r\n#d7d7d7;\\n padding: 0;\\n height: 3.75rem;\\n}\\n.custom_widget_SocialSharing_singleSocialIcons_6x3n8_8 {\\n display:\r\nflex;\\n gap: 0.75rem;\\n list-style-type: none;\\n padding: 0;\\n margin:\r\n0;\\n}\\n.custom_widget_SocialSharing_containers_6x3n8_15 {\\n display: flex;\\n gap:\r\n1.875rem;\\n}\\n.custom_widget_SocialSharing_listIcon_6x3n8_20 {\\n align-content:\r\ncenter;\\n}\\n.custom_widget_SocialSharing_headingShare_6x3n8_23 {\\n display: inline;\\n margin-right: 1.5625rem;\\n\r\nmargin-bottom: 0;\\n font-size: 1.25rem;\\n font-weight: 550;\\n align-content: center;\\n}\\n@media (max-width: 990px) {\\n\r\n.custom_widget_SocialSharing_sharePage_6x3n8_1 {\\n display: flex;\\n justify-content: center;\\n }\\n\\n\r\n.custom_widget_SocialSharing_containers_6x3n8_15 {\\n display: inline-block;\\n justify-content: center;\\n align-content:\r\ncenter;\\n align-items: center;\\n }\\n .custom_widget_SocialSharing_headingShare_6x3n8_23 {\\n display: flex;\\n justify-content: center;\\n }\\n .custom_widget_SocialSharing_singleSocialIcons_6x3n8_8 {\\n }\\n}\\n\",\"tokens\":\r\n{\"sharePage\":\"custom_widget_SocialSharing_sharePage_6x3n8_1\",\"singleSocialIcons\":\"custom_widget_SocialSharing_singleSocialIcons_6x3n8_8\",\"co\r\nen-us-1775107888865\":{\"__typename\":\"CachedAsset\",\"id\":\"component:custom.widget.MicrosoftFooter-en-us-1775107888865\",\"value\":{\"component\":{\"id\":\"custom.widget.MicrosoftFooter\",\"template\":\r\n{\"id\":\"MicrosoftFooter\",\"markupLanguage\":\"HANDLEBARS\",\"style\":\".context-uhf {\\r\\n min-width: 280px;\\r\\n font-size:\r\n15px;\\r\\n box-sizing: border-box;\\r\\n -ms-text-size-adjust: 100%;\\r\\n -webkit-text-size-adjust: 100%;\\r\\n \u0026 *,\\r\\n \u0026\r\n*:before,\\r\\n \u0026 *:after {\\r\\n box-sizing: inherit;\\r\\n }\\r\\n a.c-uhff-link {\\r\\n color: #616161;\\r\\n word-break: break-word;\\r\\n\r\ntext-decoration: none;\\r\\n }\\r\\n \u0026a:link,\\r\\n \u0026a:focus,\\r\\n \u0026a:hover,\\r\\n \u0026a:active,\\r\\n \u0026a:visited {\\r\\n text-decoration:\r\nnone;\\r\\n color: inherit;\\r\\n }\\r\\n \u0026 div {\\r\\n font-family: 'Segoe UI', SegoeUI, 'Helvetica Neue', Helvetica, Arial, sans-serif;\\r\\n }\\r\\n}\\r\\n.c-uhff {\\r\\n background: #f2f2f2;\\r\\n margin: -1.5625;\\r\\n width: auto;\\r\\n height: auto;\\r\\n}\\r\\n.c-uhff-nav {\\r\\n margin: 0 auto;\\r\\n max-width: calc(1600px + 10%);\\r\\n padding: 0 5%;\\r\\n box-sizing: inherit;\\r\\n \u0026:before,\\r\\n\r\n\u0026:after {\\r\\n content: ' ';\\r\\n display: table;\\r\\n clear: left;\\r\\n }\\r\\n @media only screen and (max-width: 1083px) {\\r\\n\r\npadding-left: 12px;\\r\\n }\\r\\n .c-heading-4 {\\r\\n color: #616161;\\r\\n word-break: break-word;\\r\\n font-size: 15px;\\r\\n line-height: 20px;\\r\\n padding: 36px 0 4px;\\r\\n font-weight: 600;\\r\\n }\\r\\n .c-uhff-nav-row {\\r\\n .c-uhff-nav-group {\\r\\n display:\r\nblock;\\r\\n float: left;\\r\\n min-height: 1px;\\r\\n vertical-align: text-top;\\r\\n padding: 0 12px;\\r\\n width: 100%;\\r\\n zoom: 1;\\r\\n\r\n\u0026:first-child {\\r\\n padding-left: 0;\\r\\n @media only screen and (max-width: 1083px) {\\r\\n padding-left: 12px;\\r\\n }\\r\\n }\\r\\n\r\n@media only screen and (min-width: 540px) and (max-width: 1082px) {\\r\\n width: 33.33333%;\\r\\n }\\r\\n @media only\r\nscreen and (min-width: 1083px) {\\r\\n width: 16.6666666667%;\\r\\n }\\r\\n ul.c-list.f-bare {\\r\\n font-size: 11px;\\r\\n line-height:\r\n16px;\\r\\n margin-top: 0;\\r\\n margin-bottom: 0;\\r\\n padding-left: 0;\\r\\n list-style-type: none;\\r\\n li {\\r\\n word-break: break-word;\\r\\n padding: 8px 0;\\r\\n margin: 0;\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n}\\r\\n.c-uhff-base {\\r\\n background: #f2f2f2;\\r\\n margin: 0\r\nauto;\\r\\n max-width: calc(1600px + 10%);\\r\\n padding: 30px 5% 16px;\\r\\n \u0026:before,\\r\\n \u0026:after {\\r\\n content: ' ';\\r\\n\r\ndisplay: table;\\r\\n }\\r\\n \u0026:after {\\r\\n clear: both;\\r\\n }\\r\\n a.c-uhff-ccpa,\\r\\n a.c-uhff-consumer {\\r\\n display: flex;\\r\\n float:\r\nleft;\\r\\n font-size: 11px;\\r\\n line-height: 16px;\\r\\n padding: 4px 24px 0 0;\\r\\n }\\r\\n a.c-uhff-ccpa:hover,\\r\\n a.c-uhff-consumer:hover {\\r\\n text-decoration: underline;\\r\\n }\\r\\n ul.c-list {\\r\\n font-size: 11px;\\r\\n line-height: 16px;\\r\\n float:\r\nright;\\r\\n margin: 3px 0;\\r\\n color: #616161;\\r\\n li {\\r\\n padding: 0 24px 4px 0;\\r\\n display: inline-block;\\r\\n }\\r\\n }\\r\\n .c-list.f-bare {\\r\\n padding-left: 0;\\r\\n list-style-type: none;\\r\\n }\\r\\n @media only screen and (max-width: 1083px) {\\r\\n\r\ndisplay: flex;\\r\\n flex-wrap: wrap;\\r\\n padding: 30px 24px 16px;\\r\\n }\\r\\n}\\r\\n\\r\\n.social-share {\\r\\n position: fixed;\\r\\n top:\r\n60%;\\r\\n transform: translateY(-50%);\\r\\n left: 0;\\r\\n z-index: 1000;\\r\\n}\\r\\n\\r\\n.sharing-options {\\r\\n list-style: none;\\r\\n\r\npadding: 0;\\r\\n margin: 0;\\r\\n display: block;\\r\\n flex-direction: column;\\r\\n background-color: white;\\r\\n width: 50px;\\r\\n\r\nborder-radius: 0px 7px 7px 0px;\\r\\n}\\r\\n.linkedin-icon {\\r\\n border-top-right-radius: 7px;\\r\\n}\\r\\n.linkedin-icon:hover {\\r\\n\r\nborder-radius: 0;\\r\\n}\\r\\n\\r\\n.social-share-email-image:hover {\\r\\n border-radius: 0;\\r\\n}\\r\\n\\r\\n.social-link-footer:hover\r\n.linkedin-icon {\\r\\n border-radius: 0;\\r\\n}\\r\\n.social-link-footer:hover .social-share-email-image {\\r\\n border-radius:\r\n0;\\r\\n}\\r\\n\\r\\n.social-link-footer img {\\r\\n width: 30px;\\r\\n height: auto;\\r\\n transition: filter 0.3s ease;\\r\\n}\\r\\n\\r\\n.social-share-list {\\r\\n width: 50px;\\r\\n}\\r\\n.social-share-rss-image {\\r\\n width: 30px;\\r\\n height: auto;\\r\\n transition: filter 0.3s\r\nease;\\r\\n}\\r\\n.sharing-options li {\\r\\n width: 50px;\\r\\n height: 50px;\\r\\n padding: 8px;\\r\\n box-sizing: border-box;\\r\\n border:\r\n2px solid white;\\r\\n display: inline-block;\\r\\n text-align: center;\\r\\n opacity: 1;\\r\\n visibility: visible;\\r\\n transition: border\r\n0.3s ease; /* Smooth transition effect */\\r\\n border-left: none;\\r\\n border-bottom: none; /* Apply bottom border to only last\r\nitem */\\r\\n}\\r\\n\\r\\n.social-share-list-linkedin {\\r\\n background-color: #0474b4;\\r\\n border-top-right-radius: 5px; /* Rounded\r\ntop right corner of first item*/\\r\\n}\\r\\n.social-share-list-facebook {\\r\\n background-color: #3c5c9c;\\r\\n}\\r\\n.social-share-list-https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 36 of 44\n\nxicon {\\r\\n background-color: #000;\\r\\n}\\r\\n.social-share-list-reddit {\\r\\n background-color: #fc4404;\\r\\n}\\r\\n.social-share-list-bluesky {\\r\\n background-color: #f0f2f5;\\r\\n}\\r\\n.social-share-list-rss {\\r\\n background-color: #ec7b1c;\\r\\n}\\r\\n.social-share-list-mail {\\r\\n background-color: #848484;\\r\\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last\r\nitem*/\\r\\n}\\r\\n.sharing-options li.social-share-list-mail {\\r\\n border-bottom: 2px solid white; /* Add bottom border only to\r\nthe last item */\\r\\n height: 52px; /* Increase last child height to make in align with the hover label */\\r\\n}\\r\\n.x-icon {\\r\\n\r\nfilter: invert(100%);\\r\\n transition: filter 0.3s ease;\\r\\n width: 20px !important;\\r\\n height: auto;\\r\\n padding-top: 5px\r\n!important;\\r\\n}\\r\\n.bluesky-icon {\\r\\n filter: invert(20%) sepia(100%) saturate(3000%) hue-rotate(180deg);\\r\\n transition:\r\nfilter 0.3s ease;\\r\\n padding-top: 5px !important;\\r\\n width: 25px !important;\\r\\n}\\r\\n\\r\\n.share-icon {\\r\\n border: 2px solid\r\ntransparent;\\r\\n display: inline-block;\\r\\n position: relative;\\r\\n}\\r\\n\\r\\n.sharing-options li:hover {\\r\\n border: 2px solid\r\nwhite;\\r\\n border-left: none;\\r\\n border-bottom: none;\\r\\n border-radius: 0px;\\r\\n}\\r\\n.sharing-options li.social-share-list-mail:hover {\\r\\n border-bottom: 2px solid white; /* Add bottom border only to the last item */\\r\\n}\\r\\n\\r\\n.sharing-options\r\nli:hover .label {\\r\\n opacity: 1;\\r\\n visibility: visible;\\r\\n border: 2px solid white;\\r\\n box-sizing: border-box;\\r\\n border-left:\r\nnone;\\r\\n}\\r\\n\\r\\n.label {\\r\\n position: absolute;\\r\\n left: 100%;\\r\\n white-space: nowrap;\\r\\n opacity: 0;\\r\\n visibility:\r\nhidden;\\r\\n transition: all 0.2s ease;\\r\\n color: white;\\r\\n border-radius: 0 10 0 10px;\\r\\n top: 50%;\\r\\n transform:\r\ntranslateY(-50%);\\r\\n height: 52px;\\r\\n display: flex;\\r\\n align-items: center;\\r\\n justify-content: center;\\r\\n padding: 10px\r\n12px 15px 8px;\\r\\n border: 2px solid white;\\r\\n}\\r\\n.linkedin {\\r\\n background-color: #0474b4;\\r\\n border-top-right-radius:\r\n5px; /* Rounded top right corner of first item*/\\r\\n}\\r\\n.facebook {\\r\\n background-color: #3c5c9c;\\r\\n}\\r\\n.twitter {\\r\\n\r\nbackground-color: black;\\r\\n color: white;\\r\\n}\\r\\n.reddit {\\r\\n background-color: #fc4404;\\r\\n}\\r\\n.mail {\\r\\n background-color: #848484;\\r\\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last item*/\\r\\n}\\r\\n.bluesky {\\r\\n\r\nbackground-color: #f0f2f5;\\r\\n color: black;\\r\\n}\\r\\n.rss {\\r\\n background-color: #ec7b1c;\\r\\n}\\r\\n\\r\\n@media (max-width:\r\n991px) {\\r\\n .social-share {\\r\\n display: none;\\r\\n }\\r\\n}\\r\\n\",\"texts\":{\"heading.whatsNew\":\"What's\r\nnew\",\"heading.store\":\"Microsoft\r\nStore\",\"heading.education\":\"Education\",\"heading.business\":\"Business\",\"heading.developer\":\"Developer \u0026\r\nIT\",\"heading.company\":\"Company\",\"link.whatsNew.surfacePro\":\"Surface Pro\",\"aria.whatsNew.surfacePro\":\"Surface Pro\r\nWhat's new\",\"link.whatsNew.surfaceLaptop\":\"Surface Laptop\",\"aria.whatsNew.surfaceLaptop\":\"Surface Laptop What's\r\nnew\",\"link.whatsNew.surfaceLaptopStudio2\":\"Surface Laptop Studio 2\",\"aria.whatsNew.surfaceLaptopStudio2\":\"Surface\r\nLaptop Studio 2 What's new\",\"link.whatsNew.copilotOrganizations\":\"Copilot for\r\norganizations\",\"aria.whatsNew.copilotOrganizations\":\"Copilot for organizations What's\r\nnew\",\"link.whatsNew.copilotPersonal\":\"Copilot for personal use\",\"aria.whatsNew.copilotPersonal\":\"Copilot for personal\r\nuse What's new\",\"link.whatsNew.aiInWindows\":\"AI in Windows\",\"aria.whatsNew.aiInWindows\":\"AI in Windows What's\r\nnew\",\"link.whatsNew.exploreProducts\":\"Explore Microsoft products\",\"aria.whatsNew.exploreProducts\":\"Explore Microsoft\r\nproducts What's new\",\"link.whatsNew.windows11Apps\":\"Windows 11 apps\",\"aria.whatsNew.windows11Apps\":\"Windows\r\n11 apps What's new\",\"link.store.accountProfile\":\"Account profile\",\"aria.store.accountProfile\":\"Account profile Microsoft\r\nStore\",\"link.store.downloadCenter\":\"Download Center\",\"aria.store.downloadCenter\":\"Download Center Microsoft\r\nStore\",\"link.store.support\":\"Microsoft Store support\",\"aria.store.support\":\"Microsoft Store support Microsoft\r\nStore\",\"link.store.returns\":\"Returns\",\"aria.store.returns\":\"Returns Microsoft Store\",\"link.store.orderTracking\":\"Order\r\ntracking\",\"aria.store.orderTracking\":\"Order tracking Microsoft Store\",\"link.store.certifiedRefurbished\":\"Certified\r\nRefurbished\",\"aria.store.certifiedRefurbished\":\"Certified Refurbished Microsoft Store\",\"link.store.promise\":\"Microsoft\r\nStore Promise\",\"aria.store.promise\":\"Microsoft Store Promise Microsoft Store\",\"link.store.flexiblePayments\":\"Flexible\r\nPayments\",\"aria.store.flexiblePayments\":\"Flexible Payments Microsoft\r\nStore\",\"link.education.microsoftInEducation\":\"Microsoft in education\",\"aria.education.microsoftInEducation\":\"Microsoft in\r\neducation Education\",\"link.education.devices\":\"Devices for education\",\"aria.education.devices\":\"Devices for education\r\nEducation\",\"link.education.teams\":\"Microsoft Teams for Education\",\"aria.education.teams\":\"Microsoft Teams for Education\r\nEducation\",\"link.education.m365\":\"Microsoft 365 Education\",\"aria.education.m365\":\"Microsoft 365 Education\r\nEducation\",\"link.education.howToBuy\":\"How to buy for your school\",\"aria.education.howToBuy\":\"How to buy for your\r\nschool Education\",\"link.education.training\":\"Educator training and development\",\"aria.education.training\":\"Educator\r\ntraining and development Education\",\"link.education.deals\":\"Deals for students and parents\",\"aria.education.deals\":\"Deals\r\nfor students and parents Education\",\"link.education.ai\":\"AI for education\",\"aria.education.ai\":\"AI for education\r\nEducation\",\"link.business.microsoftAi\":\"Microsoft AI\",\"aria.business.microsoftAi\":\"Microsoft AI\r\nBusiness\",\"link.business.security\":\"Microsoft Security\",\"aria.business.security\":\"Microsoft Security\r\nBusiness\",\"link.business.dynamics\":\"Dynamics 365\",\"aria.business.dynamics\":\"Dynamics 365\r\nBusiness\",\"link.business.m365\":\"Microsoft 365\",\"aria.business.m365\":\"Microsoft 365\r\nBusiness\",\"link.business.powerPlatform\":\"Microsoft Power Platform\",\"aria.business.powerPlatform\":\"Microsoft Power\r\nPlatform Business\",\"link.business.teams\":\"Microsoft Teams\",\"aria.business.teams\":\"Microsoft Teams\r\nBusiness\",\"link.business.m365Copilot\":\"Microsoft 365 Copilot\",\"aria.business.m365Copilot\":\"Microsoft 365 Copilot\r\nBusiness\",\"link.business.smallBusiness\":\"Small Business\",\"aria.business.smallBusiness\":\"Small Business\r\nBusiness\",\"link.developer.azure\":\"Azure\",\"aria.developer.azure\":\"Azure Developer \u0026\r\nIT\",\"link.developer.developerCenter\":\"Microsoft Developer\",\"aria.developer.developerCenter\":\"Microsoft Developer\r\nDeveloper \u0026 IT\",\"link.developer.learn\":\"Microsoft Learn\",\"aria.developer.learn\":\"Microsoft Learn Developer \u0026\r\nIT\",\"link.developer.aiMarketplace\":\"Support for AI marketplace apps\",\"aria.developer.aiMarketplace\":\"Support for AI\r\nmarketplace apps Developer \u0026 IT\",\"link.developer.techCommunity\":\"Microsoft Tech\r\nCommunity\",\"aria.developer.techCommunity\":\"Microsoft Tech Community Developer \u0026\r\nIT\",\"link.developer.marketplace\":\"Microsoft Marketplace\",\"aria.developer.marketplace\":\"Microsoft Marketplace Developer\r\n\u0026 IT\",\"link.developer.marketplaceRewards\":\"Marketplace Rewards\",\"aria.developer.marketplaceRewards\":\"Marketplace\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 37 of 44\n\nRewards Developer \u0026 IT\",\"link.developer.visualStudio\":\"Visual Studio\",\"aria.developer.visualStudio\":\"Visual Studio\r\nDeveloper \u0026 IT\",\"link.company.careers\":\"Careers\",\"aria.company.careers\":\"Careers\r\nCompany\",\"link.company.about\":\"About Microsoft\",\"aria.company.about\":\"About Microsoft\r\nCompany\",\"link.company.news\":\"Company news\",\"aria.company.news\":\"Company news\r\nCompany\",\"link.company.privacy\":\"Privacy at Microsoft\",\"aria.company.privacy\":\"Privacy at Microsoft\r\nCompany\",\"link.company.investors\":\"Investors\",\"aria.company.investors\":\"Investors\r\nCompany\",\"link.company.diversity\":\"Diversity and inclusion\",\"aria.company.diversity\":\"Diversity and inclusion\r\nCompany\",\"link.company.accessibility\":\"Accessibility\",\"aria.company.accessibility\":\"Accessibility\r\nCompany\",\"link.company.sustainability\":\"Sustainability\",\"aria.company.sustainability\":\"Sustainability\r\nCompany\",\"ccpa.label\":\"Your Privacy Choices\",\"consumerhealthprivacy.label\":\"Consumer Health\r\nPrivacy\",\"corp.sitemap\":\"Sitemap\",\"corp.contact\":\"Contact\r\nMicrosoft\",\"corp.privacy\":\"Privacy\",\"corp.manageCookies\":\"Manage cookies\",\"corp.terms\":\"Terms of\r\nuse\",\"corp.trademarks\":\"Trademarks\",\"corp.safetyEco\":\"Safety \u0026\r\neco\",\"corp.recycling\":\"Recycling\",\"corp.aboutAds\":\"About our\r\nads\",\"corp.microsoft\":\"Microsoft\",\"social.linkedin.alt\":\"Share to LinkedIn\",\"social.linkedin.label\":\"Share on\r\nLinkedIn\",\"social.facebook.alt\":\"Share to Facebook\",\"social.facebook.label\":\"Share on Facebook\",\"social.x.alt\":\"Share to\r\nX\",\"social.x.label\":\"Share on X\",\"social.reddit.alt\":\"Share to Reddit\",\"social.reddit.label\":\"Share on\r\nReddit\",\"social.bluesky.alt\":\"Share to Blue Sky\",\"social.bluesky.label\":\"Share on Bluesky\",\"social.rss.alt\":\"Subscribe to\r\nRSS\",\"social.rss.label\":\"Share on RSS\",\"social.email.alt\":\"Share to Email\",\"social.email.label\":\"Share on\r\nEmail\"},\"defaults\":{\"config\":{\"applicablePages\":[],\"description\":\"The Microsoft\r\nFooter\",\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"components\":\r\n[{\"id\":\"custom.widget.MicrosoftFooter\",\"form\":null,\"config\":null,\"props\":\r\n[],\"__typename\":\"Component\"}],\"grouping\":\"CUSTOM\",\"__typename\":\"ComponentTemplate\"},\"properties\":{\"config\":\r\n{\"applicablePages\":[],\"description\":\"The Microsoft\r\nFooter\",\"fetchedContent\":null,\"__typename\":\"ComponentConfiguration\"},\"props\":\r\n[],\"__typename\":\"ComponentProperties\"},\"form\":null,\"__typename\":\"Component\",\"localOverride\":false},\"globalCss\":\r\n{\"css\":\".custom_widget_MicrosoftFooter_context-uhf_qp4x5_1 {\\r\\n min-width: 17.5rem;\\r\\n font-size: 0.9375rem;\\r\\n\r\nbox-sizing: border-box;\\r\\n -ms-text-size-adjust: 100%;\\r\\n -webkit-text-size-adjust: 100%;\\r\\n \u0026 *,\\r\\n \u0026 *:before,\\r\\n \u0026\r\n*:after {\\r\\n box-sizing: inherit;\\r\\n }\\r\\n a.custom_widget_MicrosoftFooter_c-uhff-link_qp4x5_23 {\\r\\n color: #616161;\\r\\n\r\nword-break: break-word;\\r\\n text-decoration: none;\\r\\n }\\r\\n \u0026a:link,\\r\\n \u0026a:focus,\\r\\n \u0026a:hover,\\r\\n \u0026a:active,\\r\\n\r\n\u0026a:visited {\\r\\n text-decoration: none;\\r\\n color: inherit;\\r\\n }\\r\\n \u0026 div {\\r\\n font-family: 'Segoe UI', SegoeUI, 'Helvetica\r\nNeue', Helvetica, Arial, sans-serif;\\r\\n }\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_c-uhff_qp4x5_23 {\\r\\n background:\r\n#f2f2f2;\\r\\n margin: -1.5625;\\r\\n width: auto;\\r\\n height: auto;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_c-uhff-nav_qp4x5_69 {\\r\\n margin: 0 auto;\\r\\n max-width: calc(100rem + 10%);\\r\\n padding: 0 5%;\\r\\n box-sizing: inherit;\\r\\n\r\n\u0026:before,\\r\\n \u0026:after {\\r\\n content: ' ';\\r\\n display: table;\\r\\n clear: left;\\r\\n }\\r\\n @media only screen and (max-width:\r\n1083px) {\\r\\n padding-left: 0.75rem;\\r\\n }\\r\\n .custom_widget_MicrosoftFooter_c-heading-4_qp4x5_97 {\\r\\n color:\r\n#616161;\\r\\n word-break: break-word;\\r\\n font-size: 0.9375rem;\\r\\n line-height: 1.25rem;\\r\\n padding: 2.25rem 0\r\n0.25rem;\\r\\n font-weight: 600;\\r\\n }\\r\\n .custom_widget_MicrosoftFooter_c-uhff-nav-row_qp4x5_113 {\\r\\n\r\n.custom_widget_MicrosoftFooter_c-uhff-nav-group_qp4x5_115 {\\r\\n display: block;\\r\\n float: left;\\r\\n min-height:\r\n0.0625rem;\\r\\n vertical-align: text-top;\\r\\n padding: 0 0.75rem;\\r\\n width: 100%;\\r\\n zoom: 1;\\r\\n \u0026:first-child {\\r\\n padding-left: 0;\\r\\n @media only screen and (max-width: 1083px) {\\r\\n padding-left: 0.75rem;\\r\\n }\\r\\n }\\r\\n @media only screen\r\nand (min-width: 540px) and (max-width: 1082px) {\\r\\n width: 33.33333%;\\r\\n }\\r\\n @media only screen and (min-width:\r\n1083px) {\\r\\n width: 16.6666666667%;\\r\\n }\\r\\n ul.custom_widget_MicrosoftFooter_c-list_qp4x5_155.custom_widget_MicrosoftFooter_f-bare_qp4x5_155 {\\r\\n font-size: 0.6875rem;\\r\\n line-height: 1rem;\\r\\n\r\nmargin-top: 0;\\r\\n margin-bottom: 0;\\r\\n padding-left: 0;\\r\\n list-style-type: none;\\r\\n li {\\r\\n word-break: break-word;\\r\\n\r\npadding: 0.5rem 0;\\r\\n margin: 0;\\r\\n }\\r\\n }\\r\\n }\\r\\n }\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_c-uhff-base_qp4x5_187\r\n{\\r\\n background: #f2f2f2;\\r\\n margin: 0 auto;\\r\\n max-width: calc(100rem + 10%);\\r\\n padding: 1.875rem 5% 1rem;\\r\\n\r\n\u0026:before,\\r\\n \u0026:after {\\r\\n content: ' ';\\r\\n display: table;\\r\\n }\\r\\n \u0026:after {\\r\\n clear: both;\\r\\n }\\r\\n\r\na.custom_widget_MicrosoftFooter_c-uhff-ccpa_qp4x5_213,\\r\\n a.custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215 {\\r\\n display: flex;\\r\\n float: left;\\r\\n font-size: 0.6875rem;\\r\\n line-height: 1rem;\\r\\n padding: 0.25rem\r\n1.5rem 0 0;\\r\\n }\\r\\n a.custom_widget_MicrosoftFooter_c-uhff-ccpa_qp4x5_213:hover,\\r\\n\r\na.custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215:hover {\\r\\n text-decoration: underline;\\r\\n }\\r\\n\r\nul.custom_widget_MicrosoftFooter_c-list_qp4x5_155 {\\r\\n font-size: 0.6875rem;\\r\\n line-height: 1rem;\\r\\n float: right;\\r\\n\r\nmargin: 0.1875rem 0;\\r\\n color: #616161;\\r\\n li {\\r\\n padding: 0 1.5rem 0.25rem 0;\\r\\n display: inline-block;\\r\\n }\\r\\n }\\r\\n\r\n.custom_widget_MicrosoftFooter_c-list_qp4x5_155.custom_widget_MicrosoftFooter_f-bare_qp4x5_155 {\\r\\n padding-left:\r\n0;\\r\\n list-style-type: none;\\r\\n }\\r\\n @media only screen and (max-width: 1083px) {\\r\\n display: flex;\\r\\n flex-wrap:\r\nwrap;\\r\\n padding: 1.875rem 1.5rem 1rem;\\r\\n }\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share_qp4x5_281 {\\r\\n\r\nposition: fixed;\\r\\n top: 60%;\\r\\n transform: translateY(-50%);\\r\\n left: 0;\\r\\n z-index:\r\n1000;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 {\\r\\n list-style: none;\\r\\n padding: 0;\\r\\n\r\nmargin: 0;\\r\\n display: block;\\r\\n flex-direction: column;\\r\\n background-color: white;\\r\\n width: 3.125rem;\\r\\n border-radius: 0 0.4375rem 0.4375rem 0;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317 {\\r\\n border-top-right-radius: 7px;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317:hover {\\r\\n border-radius:\r\n0;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331:hover {\\r\\n border-radius:\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 38 of 44\n\n0;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339:hover\r\n.custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317 {\\r\\n border-radius:\r\n0;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339:hover .custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331 {\\r\\n border-radius: 0;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339 img {\\r\\n width: 1.875rem;\\r\\n height: auto;\\r\\n transition: filter 0.3s\r\nease;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-list_qp4x5_365 {\\r\\n width:\r\n3.125rem;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-rss-image_qp4x5_371 {\\r\\n width: 1.875rem;\\r\\n height:\r\nauto;\\r\\n transition: filter 0.3s ease;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li {\\r\\n width:\r\n3.125rem;\\r\\n height: 3.125rem;\\r\\n padding: 0.5rem;\\r\\n box-sizing: border-box;\\r\\n border: 2px solid white;\\r\\n display:\r\ninline-block;\\r\\n text-align: center;\\r\\n opacity: 1;\\r\\n visibility: visible;\\r\\n transition: border 0.3s ease; /* Smooth transition\r\neffect */\\r\\n border-left: none;\\r\\n border-bottom: none; /* Apply bottom border to only last item\r\n*/\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-list-linkedin_qp4x5_411 {\\r\\n background-color: #0474b4;\\r\\n\r\nborder-top-right-radius: 5px; /* Rounded top right corner of first item*/\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-list-facebook_qp4x5_419 {\\r\\n background-color: #3c5c9c;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-list-xicon_qp4x5_425 {\\r\\n background-color: #000;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-list-reddit_qp4x5_431 {\\r\\n background-color: #fc4404;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-list-bluesky_qp4x5_437 {\\r\\n background-color: #f0f2f5;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-list-rss_qp4x5_443 {\\r\\n background-color: #ec7b1c;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449 {\\r\\n background-color: #848484;\\r\\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of\r\nlast item*/\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449 {\\r\\n border-bottom: 2px solid white; /* Add bottom border only to the last item */\\r\\n height:\r\n3.25rem; /* Increase last child height to make in align with the hover label */\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_x-icon_qp4x5_465 {\\r\\n filter: invert(100%);\\r\\n transition: filter 0.3s ease;\\r\\n width: 1.25rem !important;\\r\\n height: auto;\\r\\n\r\npadding-top: 0.3125rem !important;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_bluesky-icon_qp4x5_479 {\\r\\n filter:\r\ninvert(20%) sepia(100%) saturate(3000%) hue-rotate(180deg);\\r\\n transition: filter 0.3s ease;\\r\\n padding-top: 0.3125rem\r\n!important;\\r\\n width: 1.5625rem !important;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_share-icon_qp4x5_493 {\\r\\n border:\r\n2px solid transparent;\\r\\n display: inline-block;\\r\\n position: relative;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li:hover {\\r\\n border: 2px solid white;\\r\\n border-left: none;\\r\\n border-bottom: none;\\r\\n border-radius:\r\n0;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li.custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449:hover {\\r\\n border-bottom: 2px solid white; /* Add bottom border only to the last item\r\n*/\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_sharing-options_qp4x5_297 li:hover\r\n.custom_widget_MicrosoftFooter_label_qp4x5_525 {\\r\\n opacity: 1;\\r\\n visibility: visible;\\r\\n border: 2px solid white;\\r\\n\r\nbox-sizing: border-box;\\r\\n border-left: none;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_label_qp4x5_525 {\\r\\n position:\r\nabsolute;\\r\\n left: 100%;\\r\\n white-space: nowrap;\\r\\n opacity: 0;\\r\\n visibility: hidden;\\r\\n transition: all 0.2s ease;\\r\\n color:\r\nwhite;\\r\\n border-radius: 0 10 0 0.625rem;\\r\\n top: 50%;\\r\\n transform: translateY(-50%);\\r\\n height: 3.25rem;\\r\\n display:\r\nflex;\\r\\n align-items: center;\\r\\n justify-content: center;\\r\\n padding: 0.625rem 0.75rem 0.9375rem 0.5rem;\\r\\n border: 2px\r\nsolid white;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_linkedin_qp4x5_317 {\\r\\n background-color: #0474b4;\\r\\n border-top-right-radius: 5px; /* Rounded top right corner of first\r\nitem*/\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_facebook_qp4x5_585 {\\r\\n background-color:\r\n#3c5c9c;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_twitter_qp4x5_591 {\\r\\n background-color: black;\\r\\n color:\r\nwhite;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_reddit_qp4x5_599 {\\r\\n background-color:\r\n#fc4404;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_mail_qp4x5_605 {\\r\\n background-color: #848484;\\r\\n border-bottom-right-radius: 5px; /* Rounded bottom right corner of last\r\nitem*/\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_bluesky_qp4x5_479 {\\r\\n background-color: #f0f2f5;\\r\\n color:\r\nblack;\\r\\n}\\r\\n.custom_widget_MicrosoftFooter_rss_qp4x5_621 {\\r\\n background-color: #ec7b1c;\\r\\n}\\r\\n@media (max-width: 991px) {\\r\\n .custom_widget_MicrosoftFooter_social-share_qp4x5_281 {\\r\\n display: none;\\r\\n }\\r\\n}\\r\\n\",\"tokens\":\r\n{\"context-uhf\":\"custom_widget_MicrosoftFooter_context-uhf_qp4x5_1\",\"c-uhff-link\":\"custom_widget_MicrosoftFooter_c-uhff-link_qp4x5_23\",\"c-uhff\":\"custom_widget_MicrosoftFooter_c-uhff_qp4x5_23\",\"c-uhff-nav\":\"custom_widget_MicrosoftFooter_c-uhff-nav_qp4x5_69\",\"c-heading-4\":\"custom_widget_MicrosoftFooter_c-heading-4_qp4x5_97\",\"c-uhff-nav-row\":\"custom_widget_MicrosoftFooter_c-uhff-nav-row_qp4x5_113\",\"c-uhff-nav-group\":\"custom_widget_MicrosoftFooter_c-uhff-nav-group_qp4x5_115\",\"c-list\":\"custom_widget_MicrosoftFooter_c-list_qp4x5_155\",\"f-bare\":\"custom_widget_MicrosoftFooter_f-bare_qp4x5_155\",\"c-uhff-base\":\"custom_widget_MicrosoftFooter_c-uhff-base_qp4x5_187\",\"c-uhff-ccpa\":\"custom_widget_MicrosoftFooter_c-uhff-ccpa_qp4x5_213\",\"c-uhff-consumer\":\"custom_widget_MicrosoftFooter_c-uhff-consumer_qp4x5_215\",\"social-share\":\"custom_widget_MicrosoftFooter_social-share_qp4x5_281\",\"sharing-options\":\"custom_widget_MicrosoftFooter_sharing-options_qp4x5_297\",\"linkedin-icon\":\"custom_widget_MicrosoftFooter_linkedin-icon_qp4x5_317\",\"social-share-email-image\":\"custom_widget_MicrosoftFooter_social-share-email-image_qp4x5_331\",\"social-link-footer\":\"custom_widget_MicrosoftFooter_social-link-footer_qp4x5_339\",\"social-share-list\":\"custom_widget_MicrosoftFooter_social-share-list_qp4x5_365\",\"social-share-rss-image\":\"custom_widget_MicrosoftFooter_social-share-rss-image_qp4x5_371\",\"social-share-list-linkedin\":\"custom_widget_MicrosoftFooter_social-share-list-linkedin_qp4x5_411\",\"social-share-list-facebook\":\"custom_widget_MicrosoftFooter_social-share-list-facebook_qp4x5_419\",\"social-share-list-xicon\":\"custom_widget_MicrosoftFooter_social-share-list-xicon_qp4x5_425\",\"social-share-list-https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 39 of 44\n\nreddit\":\"custom_widget_MicrosoftFooter_social-share-list-reddit_qp4x5_431\",\"social-share-list-bluesky\":\"custom_widget_MicrosoftFooter_social-share-list-bluesky_qp4x5_437\",\"social-share-list-rss\":\"custom_widget_MicrosoftFooter_social-share-list-rss_qp4x5_443\",\"social-share-list-mail\":\"custom_widget_MicrosoftFooter_social-share-list-mail_qp4x5_449\",\"x-icon\":\"custom_widget_MicrosoftFooter_x-icon_qp4x5_465\",\"bluesky-icon\":\"custom_widget_MicrosoftFooter_bluesky-icon_qp4x5_479\",\"share-icon\":\"custom_widget_MicrosoftFooter_share-icon_qp4x5_493\",\"label\":\"custom_widget_MicrosoftFooter_label_qp4x5_525\",\"linkedin\":\"custom_widget_MicrosoftFooter_linkedin_qp4x5_317\",\"faceb\r\ncomponents/community/Breadcrumb-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/community/Breadcrumb-1775111750899\",\"value\":{\"navLabel\":\"Breadcrumbs\",\"dropdown\":\"Additional parent\r\npage navigation\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageBanner-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageBanner-1775111750899\",\"value\":{\"messageMarkedAsSpam\":\"This post has been marked as\r\nspam\",\"messageMarkedAsSpam@board:TKB\":\"This article has been marked as\r\nspam\",\"messageMarkedAsSpam@board:BLOG\":\"This post has been marked as\r\nspam\",\"messageMarkedAsSpam@board:FORUM\":\"This discussion has been marked as\r\nspam\",\"messageMarkedAsSpam@board:OCCASION\":\"This event has been marked as\r\nspam\",\"messageMarkedAsSpam@board:IDEA\":\"This idea has been marked as spam\",\"manageSpam\":\"Manage\r\nSpam\",\"messageMarkedAsAbuse\":\"This post has been marked as abuse\",\"messageMarkedAsAbuse@board:TKB\":\"This\r\narticle has been marked as abuse\",\"messageMarkedAsAbuse@board:BLOG\":\"This post has been marked as\r\nabuse\",\"messageMarkedAsAbuse@board:FORUM\":\"This discussion has been marked as\r\nabuse\",\"messageMarkedAsAbuse@board:OCCASION\":\"This event has been marked as\r\nabuse\",\"messageMarkedAsAbuse@board:IDEA\":\"This idea has been marked as\r\nabuse\",\"preModCommentAuthorText\":\"This comment will be published as soon as it is\r\napproved\",\"preModCommentModeratorText\":\"This comment is awaiting moderation\",\"messageMarkedAsOther\":\"This post\r\nhas been rejected due to other reasons\",\"messageMarkedAsOther@board:TKB\":\"This article has been rejected due to other\r\nreasons\",\"messageMarkedAsOther@board:BLOG\":\"This post has been rejected due to other\r\nreasons\",\"messageMarkedAsOther@board:FORUM\":\"This discussion has been rejected due to other\r\nreasons\",\"messageMarkedAsOther@board:OCCASION\":\"This event has been rejected due to other\r\nreasons\",\"messageMarkedAsOther@board:IDEA\":\"This idea has been rejected due to other\r\nreasons\",\"messageArchived\":\"This post was archived on {date}\",\"relatedUrl\":\"View Related\r\nContent\",\"relatedContentText\":\"Showing related content\",\"archivedContentLink\":\"View Archived\r\nContent\"},\"localOverride\":false},\"Category:category:Exchange\":\r\n{\"__typename\":\"Category\",\"id\":\"category:Exchange\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:Outlook\":\r\n{\"__typename\":\"Category\",\"id\":\"category:Outlook\",\"categoryPolicies\":{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:Community-Info-Center\":\r\n{\"__typename\":\"Category\",\"id\":\"category:Community-Info-Center\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:EducationSector\":\r\n{\"__typename\":\"Category\",\"id\":\"category:EducationSector\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:DrivingAdoption\":\r\n{\"__typename\":\"Category\",\"id\":\"category:DrivingAdoption\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:Azure\":\r\n{\"__typename\":\"Category\",\"id\":\"category:Azure\",\"categoryPolicies\":{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:Windows-Server\":\r\n{\"__typename\":\"Category\",\"id\":\"category:Windows-Server\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:MicrosoftTeams\":\r\n{\"__typename\":\"Category\",\"id\":\"category:MicrosoftTeams\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:PublicSector\":\r\n{\"__typename\":\"Category\",\"id\":\"category:PublicSector\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:microsoft365\":\r\n{\"__typename\":\"Category\",\"id\":\"category:microsoft365\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:IoT\":\r\n{\"__typename\":\"Category\",\"id\":\"category:IoT\",\"categoryPolicies\":{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:HealthcareAndLifeSciences\":\r\n{\"__typename\":\"Category\",\"id\":\"category:HealthcareAndLifeSciences\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 40 of 44\n\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:ITOpsTalk\":\r\n{\"__typename\":\"Category\",\"id\":\"category:ITOpsTalk\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:MicrosoftMechanics\":\r\n{\"__typename\":\"Category\",\"id\":\"category:MicrosoftMechanics\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:MicrosoftforNonprofits\":\r\n{\"__typename\":\"Category\",\"id\":\"category:MicrosoftforNonprofits\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:PartnerCommunity\":\r\n{\"__typename\":\"Category\",\"id\":\"category:PartnerCommunity\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:Microsoft365Copilot\":\r\n{\"__typename\":\"Category\",\"id\":\"category:Microsoft365Copilot\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:Windows\":\r\n{\"__typename\":\"Category\",\"id\":\"category:Windows\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:Content_Management\":\r\n{\"__typename\":\"Category\",\"id\":\"category:Content_Management\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:CommunityNewsDesk\":\r\n{\"__typename\":\"Category\",\"id\":\"category:CommunityNewsDesk\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:microsoft-learn-for-educators\":\r\n{\"__typename\":\"Category\",\"id\":\"category:microsoft-learn-for-educators\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:mvp\":\r\n{\"__typename\":\"Category\",\"id\":\"category:mvp\",\"categoryPolicies\":{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:microsoftintune\":\r\n{\"__typename\":\"Category\",\"id\":\"category:microsoftintune\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:microsoft-global-community-initiative\":\r\n{\"__typename\":\"Category\",\"id\":\"category:microsoft-global-community-initiative\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:usergroups\":\r\n{\"__typename\":\"Category\",\"id\":\"category:usergroups\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Category:category:skills-hub\":\r\n{\"__typename\":\"Category\",\"id\":\"category:skills-hub\",\"categoryPolicies\":\r\n{\"__typename\":\"CategoryPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"Blog:board:skills-hub-blog\":\r\n{\"__typename\":\"Blog\",\"id\":\"board:skills-hub-blog\",\"blogPolicies\":{\"__typename\":\"BlogPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}},\"boardPolicies\":{\"__typename\":\"BoardPolicies\",\"canReadNode\":\r\n{\"__typename\":\"PolicyResult\",\"failureReason\":null}}},\"CachedAsset:text:en_US-components/community/Navbar-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/community/Navbar-1775111750899\",\"value\":{\"community\":\"Community Home\",\"inbox\":\"Inbox\",\"manageContent\":\"Manage\r\nContent\",\"tos\":\"Terms of Service\",\"forgotPassword\":\"Forgot Password\",\"themeEditor\":\"Theme Editor\",\"edit\":\"Edit\r\nNavigation Bar\",\"skipContent\":\"Skip to content\",\"gxcuf89792\":\"Tech Community\",\"windows-server\":\"Windows\r\nServer\",\"ms-learn-ext-security\":\"Microsoft Security\",\"Common_Enntvz-i-t-ops-talk-link\":\"ITOps Talk\",\"education-sector\":\"Education Sector\",\"Common-external-link-9\":\"Microsoft 365\",\"Common-external-link-8\":\"Dynamics\r\n365\",\"Common-external-link-7\":\"Skilling Room Directory\",\"Common-external-link-6\":\"Events\",\"Common-external-link-5\":\"Blogs\",\"Common-external-link-4\":\"View All\",\"Common-gxcuf89792-community\":\"Community\",\"Common-external-link-3\":\"Topics\",\"microsoft365\":\"Microsoft 365\",\"Common_Enntvz-community-news-desk-link\":\"Community News\r\nDesk\",\"Common_Enntvz-azure-link\":\"Azure\",\"Common-community-info-center-link\":\"Lounge\",\"azure\":\"Azure\",\"Common_Enntvz-windows-link\":\"Windows\",\"Common_Enntvz-education-sector-link\":\"Education Sector\",\"Common-windows-server-link\":\"Windows Server\",\"products-link\":\"Products\",\"Common_Enntvz-partner-community-link\":\"Microsoft Partner Community\",\"microsoft-learn-blog\":\"Blog\",\"Common-external-link-2\":\"View All\",\"community-hub-link\":\"Community Hubs\",\"Common-mvp-link\":\"Microsoft MVP Program\",\"community-info-center\":\"Lounge\",\"microsoft-endpoint-manager\":\"Microsoft\r\nIntune\",\"startupsat-microsoft\":\"Startups at Microsoft\",\"ms-learn-ext-azure\":\"Azure\",\"Common_Enntvz-content_management-link\":\"Content Management\",\"ms-learn-ext-github\":\"Github\",\"Common-microsoft365-\r\nlink\":\"Microsoft 365\",\"Common-i-t-ops-talk-link\":\"ITOps Talk\",\"Common_Enntvz-view-all-products-link\":\"View\r\nAll\",\"Common-microsoft-global-community-initiative-link\":\"Microsoft Global Community Initiative (MGCI)\",\"all-events-https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 41 of 44\n\nlink\":\"Events\",\"Common_Enntvz-microsoft-learn-for-educators-link\":\"Microsoft Learn for Educators\",\"Common-external-link\":\"Community Hubs\",\"Common-partner-community-link\":\"Microsoft Partner Community\",\"Common-microsoft-learn-for-educators-link\":\"Microsoft Learn for Educators\",\"Common_Enntvz-microsoft-teams-link\":\"Microsoft Teams\",\"driving-adoption\":\"Driving Adoption\",\"microsoft-learn\":\"Microsoft Learn\",\"Common-healthcare-and-life-sciences-link\":\"Healthcare and Life Sciences\",\"planner\":\"Outlook\",\"Common_Enntvz-exchange-link\":\"Exchange\",\"healthcare-and-life-sciences\":\"Healthcare and Life Sciences\",\"Common-external-link-10\":\"View All\",\"Common-driving-adoption-link\":\"Driving Adoption\",\"ms-learn-ext-pp\":\"Power Platform\",\"Common_Enntvz-windows-server-link\":\"Windows\r\nServer\",\"Common-io-t-link\":\"Internet of Things (IoT)\",\"Skills-Hub\":\"Skills Hub\",\"microsoft-teams\":\"Microsoft\r\nTeams\",\"Common-outlook-link\":\"Outlook\",\"Common_Enntvz-public-sector-link\":\"Public Sector\",\"Common-windows-link\":\"Windows\",\"all-blogs-link\":\"Blogs\",\"communities\":\"Products\",\"Common_Enntvz-usergroups-link\":\"User\r\nGroups\",\"Common_Enntvz-microsoft-global-community-initiative-link\":\"Microsoft Global Community Initiative\r\n(MGCI)\",\"Skills-Hub-link\":\"Community\",\"Common_Enntvz-io-t-link\":\"Internet of Things (IoT)\",\"ms-learn-ext-m365\":\"Microsoft 365\",\"Common_Enntvz-microsoft-mechanics-link\":\"Microsoft Mechanics\",\"microsoft-learn-community\":\"Community\",\"partner-community\":\"Microsoft Partner Community\",\"Common-microsoft-mechanics-link\":\"Microsoft Mechanics\",\"Common_Enntvz-healthcare-and-life-sciences-link\":\"Healthcare and Life\r\nSciences\",\"microsoft-mechanics\":\"Microsoft Mechanics\",\"Common-microsoft-security-link\":\"Microsoft\r\nSecurity\",\"Common-education-sector-link\":\"Education Sector\",\"Skills-Hub-Blog\":\"Blog\",\"i-t-ops-talk\":\"ITOps\r\nTalk\",\"microsoft-securityand-compliance\":\"Microsoft Security\",\"Common_Enntvz-microsoftintune-link\":\"Microsoft\r\nIntune\",\"Common-azure-link\":\"Azure\",\"Common-microsoftintune-link\":\"Microsoft Intune\",\"Common_Enntvz-view-all-topics-link\":\"View All\",\"Common-usergroups-link\":\"User Groups\",\"Common-public-sector-link\":\"Public\r\nSector\",\"Common_Enntvz-microsoft-security-link\":\"Microsoft Security\",\"Common_Enntvz-outlook-link\":\"Outlook\",\"Common_Enntvz-mvp-link\":\"Microsoft MVP Program\",\"exchange\":\"Exchange\",\"topics-link\":\"Topics\",\"io-t\":\"Internet of Things (IoT)\",\"Common-microsoft365-copilot-link\":\"Microsoft 365 Copilot\",\"Common-microsoft-teams-link\":\"Microsoft Teams\",\"s-m-b\":\"Nonprofit Community\",\"Common_Enntvz-community-info-center-link\":\"Lounge\",\"Common_Enntvz-microsoft365-copilot-link\":\"Microsoft 365 Copilot\",\"Common_Enntvz-microsoftfor-nonprofits-link\":\"Nonprofit Community\",\"Common_Enntvz-microsoft365-link\":\"Microsoft 365\",\"Common-content_management-link\":\"Content Management\",\"ms-learn-ext-teams\":\"Teams\",\"s-q-l-server\":\"Content\r\nManagement\",\"products-services\":\"Products\",\"Common-community-news-desk-link\":\"Community News Desk\",\"ms-learn-ext-LD\":\"Skilling Room Directory\",\"Common-exchange-link\":\"Exchange\",\"Common-gxcuf89792-link\":\"Tech\r\nCommunity\",\"windows\":\"Windows\",\"public-sector\":\"Public Sector\",\"Common_Enntvz-driving-adoption-link\":\"Driving\r\nAdoption\",\"Common-microsoftfor-nonprofits-link\":\"Nonprofit Community\",\"ms-learn-ext-net\":\".NET\",\"ms-learn-ext-dynamics\":\"Dynamics 365\",\"a-i\":\"AI and Machine Learning\",\"outlook\":\"Microsoft 365\r\nCopilot\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/community/NavbarHamburgerDropdown-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/community/NavbarHamburgerDropdown-1775111750899\",\"value\":{\"hamburgerLabelOpen\":\"Open Side Menu\",\"hamburgerLabelClose\":\"Close Side\r\nMenu\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/community/BrandLogo-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/community/BrandLogo-1775111750899\",\"value\":\r\n{\"logoAlt\":\"Khoros\",\"themeLogoAlt\":\"Brand Logo\",\"linkAriaLabel\":\"Go to community home\r\npage\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/community/NavbarTextLinks-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/community/NavbarTextLinks-1775111750899\",\"value\":\r\n{\"more\":\"More\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/search/SpotlightSearchIcon-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/search/SpotlightSearchIcon-1775111750899\",\"value\":{\"search\":\"Search\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/authentication/AuthenticationLink-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/authentication/AuthenticationLink-1775111750899\",\"value\":{\"title.login\":\"Sign\r\nIn\",\"title.registration\":\"Register\",\"title.forgotPassword\":\"Forgot Password\",\"title.multiAuthLogin\":\"Sign\r\nIn\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/nodes/NodeLink-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/nodes/NodeLink-1775111750899\",\"value\":{\"place\":\"Go back\r\nto {name}\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageView/MessageViewStandard-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageView/MessageViewStandard-1775111750899\",\"value\":\r\n{\"anonymous\":\"Anonymous\",\"author\":\"{messageAuthorLogin}\",\"authorBy\":\"{messageAuthorLogin}\",\"board\":\"\r\n{messageBoardTitle}\",\"replyToUser\":\" to {parentAuthor}\",\"showMoreReplies\":\"Show\r\nMore\",\"replyText\":\"Reply\",\"repliesText\":\"Replies\",\"markedAsSolved\":\"Marked as Solution\",\"messageStatus\":\"Status:\r\n\",\"statusChanged\":\"Status changed: {previousStatus} to {currentStatus}\",\"statusAdded\":\"Status added:\r\n{status}\",\"statusRemoved\":\"Status removed: {status}\",\"labelExpand\":\"expand replies\",\"labelCollapse\":\"collapse\r\nreplies\",\"unhelpfulReason.reason1\":\"Content is outdated\",\"unhelpfulReason.reason2\":\"Article is missing\r\ninformation\",\"unhelpfulReason.reason3\":\"Content is for a different Product\",\"unhelpfulReason.reason4\":\"Doesn't match\r\nwhat I was searching for\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageReplyCallToAction-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageReplyCallToAction-1775111750899\",\"value\":{\"leaveReply\":\"Leave a\r\nreply...\",\"leaveReply@board:BLOG@message:root\":\"Leave a\r\ncomment...\",\"leaveReply@board:TKB@message:root\":\"Leave a\r\ncomment...\",\"leaveReply@board:IDEA@message:root\":\"Leave a\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 42 of 44\n\ncomment...\",\"leaveReply@board:OCCASION@message:root\":\"Leave a comment...\",\"repliesTurnedOff.FORUM\":\"Replies\r\nare turned off for this topic\",\"repliesTurnedOff.BLOG\":\"Comments are turned off for this\r\ntopic\",\"repliesTurnedOff.TKB\":\"Comments are turned off for this topic\",\"repliesTurnedOff.IDEA\":\"Comments are turned\r\noff for this topic\",\"repliesTurnedOff.OCCASION\":\"Comments are turned off for this topic\",\"infoText\":\"Stop poking\r\nme!\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/community/NavbarDropdownToggle-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/community/NavbarDropdownToggle-1775111750899\",\"value\":{\"ariaLabelClosed\":\"Press the down arrow to open the\r\nmenu\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageCoverImage-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageCoverImage-1775111750899\",\"value\":\r\n{\"coverImageTitle\":\"Cover Image\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/nodes/NodeTitle-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/nodes/NodeTitle-1775111750899\",\"value\":{\"nodeTitle\":\"{nodeTitle, select, community\r\n{Community} other {{nodeTitle}}} \"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageTimeToRead-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageTimeToRead-1775111750899\",\"value\":{\"minReadText\":\"{min} MIN\r\nREAD\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageSubject-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageSubject-1775111750899\",\"value\":\r\n{\"noSubject\":\"(no subject)\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/users/UserLink-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/users/UserLink-1775111750899\",\"value\":\r\n{\"authorName\":\"View Profile: {author}\",\"anonymous\":\"Anonymous\",\"ariaLabel.rank\":\"Rank:\r\n{rankName}\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/users/UserRank-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/users/UserRank-1775111750899\",\"value\":{\"rankName\":\"{rankName}\",\"userRank\":\"Author rank\r\n{rankName}\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageTime-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageTime-1775111750899\",\"value\":\r\n{\"postTime\":\"Published: {time}\",\"lastPublishTime\":\"Last Update: {time}\",\"conversation.lastPostingActivityTime\":\"Last\r\nposting activity time: {time}\",\"conversation.lastPostTime\":\"Last post time: {time}\",\"moderationData.rejectTime\":\"Rejected\r\ntime: {time}\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageBody-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageBody-1775111750899\",\"value\":\r\n{\"showMessageBody\":\"Show More\",\"mentionsErrorTitle\":\"{mentionsType, select, board {Board} user {User} message\r\n{Message} other {}} No Longer Available\",\"mentionsErrorMessage\":\"The {mentionsType} you are trying to view has been\r\nremoved from the community.\",\"videoProcessing\":\"Video is being processed. Please try again in a few\r\nminutes.\",\"bannerTitle\":\"Video provider requires cookies to play the video. Accept to continue or {url} it directly on the\r\nprovider's site.\",\"buttonTitle\":\"Accept\",\"urlText\":\"watch\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageCustomFields-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageCustomFields-1775111750899\",\"value\":{\"CustomField.default.label\":\"Value of\r\n{name}\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageRevision-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageRevision-1775111750899\",\"value\":\r\n{\"lastUpdatedDatePublished\":\"{publishCount, plural, one{Published} other{Updated}}\r\n{date}\",\"lastUpdatedDateDraft\":\"Created {date}\",\"version\":\"Version {major}.\r\n{minor}\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/common/QueryHandler-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/common/QueryHandler-1775111750899\",\"value\":{\"title\":\"Query Handler\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/tags/TagList-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/tags/TagList-1775111750899\",\"value\":{\"showMoreFor\":\"Show more for {title}\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/messages/MessageReplyButton-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageReplyButton-1775111750899\",\"value\":{\"repliesCount\":\"\r\n{count}\",\"title\":\"Reply\",\"title@board:BLOG@message:root\":\"Comment\",\"title@board:TKB@message:root\":\"Comment\",\"title@board:IDEA@message:\r\ncomponents/messages/MessageAuthorBio-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/messages/MessageAuthorBio-1775111750899\",\"value\":{\"sendMessage\":\"Send\r\nMessage\",\"actionMessage\":\"Follow this blog board to get notified when there's new activity\",\"coAuthor\":\"CO-PUBLISHER\",\"contributor\":\"CONTRIBUTOR\",\"userProfile\":\"View Profile\",\"iconlink\":\"Go to {name}\r\n{type}\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/users/UserAvatar-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/users/UserAvatar-1775111750899\",\"value\":\r\n{\"altText\":\"{login}'s avatar\",\"altTextGeneric\":\"User's avatar\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/ranks/UserRankLabel-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/ranks/UserRankLabel-1775111750899\",\"value\":{\"altTitle\":\"Icon for {rankName}\r\nrank\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/tags/TagView/TagViewChip-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/tags/TagView/TagViewChip-1775111750899\",\"value\":\r\n{\"tagLabelName\":\"Tag name {tagName}\"},\"localOverride\":false},\"CachedAsset:text:en_US-components/users/UserRegistrationDate-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-components/users/UserRegistrationDate-1775111750899\",\"value\":{\"noPrefix\":\"{date}\",\"withPrefix\":\"Joined\r\n{date}\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/nodes/NodeAvatar-1775111750899\":\r\n{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/nodes/NodeAvatar-1775111750899\",\"value\":\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 43 of 44\n\n{\"altTitle\":\"Node avatar for {nodeTitle}\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/nodes/NodeDescription-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/nodes/NodeDescription-1775111750899\",\"value\":{\"description\":\"\r\n{description}\"},\"localOverride\":false},\"CachedAsset:text:en_US-shared/client/components/nodes/NodeIcon-1775111750899\":{\"__typename\":\"CachedAsset\",\"id\":\"text:en_US-shared/client/components/nodes/NodeIcon-1775111750899\",\"value\":{\"contentType\":\"Content Type {style, select, FORUM {Forum} BLOG {Blog} TKB {Knowledge\r\nBase} IDEA {Ideas} OCCASION {Events} other {}}\r\nicon\"},\"localOverride\":false}}}},\"page\":\"/blogs/BlogMessagePage/BlogMessagePage\",\"query\":\r\n{\"boardId\":\"microsoftsecurityexperts\",\"messageSubject\":\"phish-click-breach-hunting-for-a-sophisticated-cyber-attack\",\"messageId\":\"4267916\"},\"buildId\":\"VXuOn2D5MfObWEiRanLQ9\",\"runtimeConfig\":\r\n{\"buildInformationVisible\":false,\"logLevelApp\":\"info\",\"logLevelMetrics\":\"info\",\"surveysEnabled\":true,\"openTelemetry\":\r\n{\"clientEnabled\":false,\"configName\":\"o365\",\"serviceVersion\":\"26.1.0\",\"universe\":\"prod\",\"collector\":\"http://localhost:4318\",\"logLevel\":\"error\",\"routeCha\r\n[\"components_community_Navbar_NavbarWidget\",\"components_community_Breadcrumb_BreadcrumbWidget\",\"components_customComponent_Custo\r\n[{\"id\":\"analytics\",\"src\":\"https://techcommunity.microsoft.com/t5/s/gxcuf89792/pagescripts/1751476272000/analytics.js?\r\npage.id=BlogMessagePage\u0026entity.id=board%3Amicrosoftsecurityexperts\u0026entity.id=message%3A4267916\",\"strategy\":\"afterInteractive\"}]}\r\nSource: https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nhttps://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916\r\nPage 44 of 44",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MISPGALAXY",
		"Malpedia"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/phish-click-breach-hunting-for-a-sophisticated-cyber-attack/4267916"
	],
	"report_names": [
		"4267916"
	],
	"threat_actors": [
		{
			"id": "908cf62e-45cd-492b-bf12-d0902e12fece",
			"created_at": "2024-08-20T02:00:04.543947Z",
			"updated_at": "2026-04-10T02:00:03.68848Z",
			"deleted_at": null,
			"main_name": "UNC4393",
			"aliases": [
				"Storm-1811",
				"CURLY SPIDER",
				"STAC5777"
			],
			"source_name": "MISPGALAXY:UNC4393",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "fa806f03-ec33-42db-99ee-59db37666ee0",
			"created_at": "2024-02-02T02:00:04.090714Z",
			"updated_at": "2026-04-10T02:00:03.566756Z",
			"deleted_at": null,
			"main_name": "Storm-1674",
			"aliases": [],
			"source_name": "MISPGALAXY:Storm-1674",
			"tools": [],
			"source_id": "MISPGALAXY",
			"reports": null
		},
		{
			"id": "6bc98fce-5e1c-46d8-9d1a-64b5cb5febc3",
			"created_at": "2025-04-23T02:00:55.20526Z",
			"updated_at": "2026-04-10T02:00:05.307504Z",
			"deleted_at": null,
			"main_name": "Storm-1811",
			"aliases": [
				"Storm-1811"
			],
			"source_name": "MITRE:Storm-1811",
			"tools": [
				"Black Basta",
				"Cobalt Strike",
				"Quick Assist",
				"BITSAdmin",
				"PsExec",
				"Impacket",
				"QakBot"
			],
			"source_id": "MITRE",
			"reports": null
		}
	],
	"ts_created_at": 1775434283,
	"ts_updated_at": 1775826697,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/f40aebecc71ecd3a25d8238db5cd37753eb143ed.pdf",
		"text": "https://archive.orkl.eu/f40aebecc71ecd3a25d8238db5cd37753eb143ed.txt",
		"img": "https://archive.orkl.eu/f40aebecc71ecd3a25d8238db5cd37753eb143ed.jpg"
	}
}