Open
Description
⚠️ Please include as much detail as possible. Please do not submit any private, sensitive, and/or proprietary information.
- Contributor Name: Syne0
- RogueApp Name: Fastmail
- RogueApp ID: 77468577-4f6e-40e7-b745-11d3d0c28095
- RogueApp Description: Fastmail is an alternative email service that allows export from various email providers, including Microsoft365. If a malicious party consents to Fastmail with an account, all email is exfiltrated to an attacker-controlled Fastmail account, with the option to continue to exfiltrate email post-consent.
- App Owner Organization ID: 9188040d-6c67-4c5b-b112-36a304b66dad
- App Publisher Name: Publisher not verified
- App Publisher ID: Publisher not verified
- Permissions:
Microsoft Graph: openid (Delegated)
Microsoft Graph: email (Delegated)
Microsoft Graph: offline_access (Delegated)
Microsoft Graph: IMAP.AccessAsUser.All (Delegated)
Microsoft Graph: SMTP.Send (Delegated) - Tags: Persistence, Exfiltration
- MITRE ATT&CK IDs: T1114.002, T1567.002, T1136.003 or T1098.001 could be either or both
- References: https://cybercorner.tech/common-oauth-apps-used-in-business-email-compromise/#Fastmail, https://www.fastmail.help/hc/en-us/articles/360060590593-Migrate-to-Fastmail-from-another-provider
- Date Added:
Reference
The RogueApp specification is defined in types.ts. Please submit as much information as you can for each field (it does not have to be 100% complete but please submit everything you can!)