Microsoft researchers say threat actors abused OAuth to deploy VMs for cryptomining, establish persistence following BEC attacks, and launch spamming activity.
Article Link: Threat actors launch financially motivated attacks abusing OAuth applications | SC Media