For example, inside the 2023 MGM attack, the attacker specifically accessed an account with Tremendous Admin permissions in Okta, which they coupled with an inbound federation assault to impersonate any user during the tenant, get Azure admin privileges, and authenticate on the Azure-hosted VMware atmosphere wherever they deployed ransomware. This