Researchers recently examined more than 400 malware families and found that 25 percent of them abused legitimate internet services as part of their attack infrastructure.
Microsoft fixed one actively exploited vulnerability in its August patch Tuesday releases, along with 72 other bugs.
Microsoft was criticized after it took five months to fully patch an issue in its Power platform.
Researchers with Microsoft on Wednesday said that the threat actor has used a “highly targeted” social engineering attack to hit 40 global organizations.
The threat group used forged authentication tokens - with an acquired Microsoft account consumer signing key - to access the email accounts of more than two dozen organizations.