
ISC StormCast for Friday, July 14th, 2023
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
How to Detect Activity Like This in Outlook 365 Accounts
A Chinese APT actor apparently gained access to the Outlook 365 accounts of a number of different US federal agencies. The problem in this case was not a vulnerability per se, as stated by a blog post from Microsoft and CISA. This particular threat actor apparently got a hold of a signing key used by Microsoft. We do have a great sort of follow-up diary with Jesse today where he talks about how to manage some of the logs that it retains.