**FOR IMMEDIATE RELEASE: CISO ALERT**
**Subject: FBI Warning: Office 365 & OneDrive Accounts Directly Compromised**
The FBI has issued an urgent Private Industry Notification (PIN) regarding a critical threat vector targeting Microsoft 365 environments. The bureau confirms threat actors are now bypassing traditional phishing filters by weaponizing the **Outlook on the web** interface itself.
**The Threat:**
Hackers are exploiting legitimate OneDrive sharing features and Outlook email rules. Once internal credentials are stolen, attackers automatically create hidden inbox rules that delete security alerts or forward them to the attacker. The victim is then locked out of their environment while the attacker exfiltrates data via seemingly legitimate file-sharing links from the victim’s own OneDrive.
**CEO Action Points:**
1. **Disable external OneDrive sharing** for non-essential users immediately.
2. **Audit all mailbox rules** across your tenant—specifically those forwarding emails to external domains.
3. **Enforce Conditional Access Policies** that block access from unknown IPs, even for "trusted" federated identities.
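For action point 2, the following added example (not part of the original alert) flags rules that forward to external recipients or that delete or move messages matching security-alert keywords. It assumes the rules were exported in the shape of Microsoft Graph `messageRule` objects; the tenant domain, keyword list and sample rules are constructed for illustration.

```python
# Added example: triage inbox rules shaped like Microsoft Graph messageRule JSON.
# ACCEPTED_DOMAINS, ALERT_WORDS and SAMPLE_RULES are constructed assumptions.
ACCEPTED_DOMAINS = {"contoso.example"}  # hypothetical tenant domain
ALERT_WORDS = ("security", "alert", "password", "sign-in", "suspicious")
FORWARD_KEYS = ("forwardTo", "forwardAsAttachmentTo", "redirectTo")
TEXT_KEYS = ("subjectContains", "bodyContains", "bodyOrSubjectContains", "senderContains")

def is_external(addr):
    """True when the address is outside every accepted domain and its subdomains."""
    domain = addr.rpartition("@")[2].lower()
    return not any(domain == d or domain.endswith("." + d) for d in ACCEPTED_DOMAINS)

def audit_rule(rule):
    """Return findings for one rule; an empty list means nothing was flagged."""
    actions = rule.get("actions") or {}
    conditions = rule.get("conditions") or {}
    findings = []
    for key in FORWARD_KEYS:
        for rcpt in actions.get(key) or []:
            addr = (rcpt.get("emailAddress") or {}).get("address", "")
            if addr and is_external(addr):
                findings.append(f"{key} external recipient {addr.lower()}")
    # Rules that delete or move mail whose subject/body/sender mentions alert terms.
    words = [w.lower() for k in TEXT_KEYS for w in conditions.get(k) or []]
    hides = actions.get("delete") or actions.get("permanentDelete") or actions.get("moveToFolder")
    if hides and any(term in w for w in words for term in ALERT_WORDS):
        findings.append("hides messages matching security-alert keywords")
    return findings

def audit_tenant(rules_by_mailbox):
    """Return (mailbox, rule name, findings) for every flagged rule, enabled or not."""
    return [(mbx, rule.get("displayName", ""), found)
            for mbx, rules in rules_by_mailbox.items()
            for rule in rules
            if (found := audit_rule(rule))]

SAMPLE_RULES = {  # constructed sample data, not taken from any real tenant
    "alice@contoso.example": [
        {"displayName": ".", "isEnabled": True,
         "conditions": {"subjectContains": ["Security alert", "password"]},
         "actions": {"delete": True, "stopProcessingRules": True}},
        {"displayName": "fwd", "isEnabled": True,
         "actions": {"forwardTo": [{"emailAddress": {"address": "drop@mailbox.invalid"}}]}}],
    "bob@contoso.example": [
        {"displayName": "Team", "isEnabled": True,
         "conditions": {"senderContains": ["hr@contoso.example"]},
         "actions": {"moveToFolder": "constructed-folder-id", "forwardTo": [
             {"emailAddress": {"address": "assistant@eu.contoso.example"}}]}}]}

if __name__ == "__main__":
    for row in audit_tenant(SAMPLE_RULES):
        print(row)
```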
This is not a link-click issue. It is a credential theft issue, now weaponized through the platform’s own features. Do not rely on user training alone. The underlying pattern is silent, automated, and currently undetected by static email gateways.
**Recommended Response:** Zero Trust Enablement. Assume accounts are currently compromised.