In a nutshell, you are so wrong it is impossible to explain just how wrong you are except to point out that 10 minutes after I posted this you are blaming Outlook when Outlook is literally mentioned once in the 17 pages here. And it is mentioned in the context of this APT bypassing the MFA on OWA, not the outlook application itself.
Nearly the entire enterprise world uses Outlook, they operate within a microsoft exchange environment either on premises, in the cloud via exchange online with microsoft azure, or a hybrid environment
Eh, they probably had to hack to steal the key in the first place. Which hacks aren't a means to facilitate theft, besides defacements or DDoS? Most are. Even DDoSes are often smokescreens for a hack+theft behind the scenes. A breach almost always involves theft of information to some degree. They go hand-in-hand and your comment makes it seem like the hack/breach was trivial.
In a nutshell, you are so wrong it is impossible to explain just how wrong you are except to point out that 10 minutes after I posted this you are blaming Outlook when Outlook is literally mentioned once in the 17 pages here. And it is mentioned in the context of this APT bypassing the MFA on OWA, not the outlook application itself.
Nearly the entire enterprise world uses Outlook, they operate within a microsoft exchange environment either on premises, in the cloud via exchange online with microsoft azure, or a hybrid environment
No, it's a hack. The outlook token issue is one of 19 attack techniques utilized in this event.
Eh, they probably had to hack to steal the key in the first place. Which hacks aren't a means to facilitate theft, besides defacements or DDoS? Most are. Even DDoSes are often smokescreens for a hack+theft behind the scenes. A breach almost always involves theft of information to some degree. They go hand-in-hand and your comment makes it seem like the hack/breach was trivial.