jukelennings
commented
2 months ago I haven't been able to find any technical source that makes it truly clear how the documents were delivered to targets or general details around it beyond "shared documents".
This is one I can't be 100% sure of but it seems most likely that "shared documents" did mean putting malicious links inside a document and then using document sharing functionality and so it would most closely align with in-app phishing if so. On balance of probabilities, I'll include as a reference.
https://www.itpro.com/cloud/cloud-security/hundreds-of-enterprises-are-being-targeted-in-a-microsoft-azure-cloud-account-takeover-campaign-heres-what-you-need-to-know