An ongoing threat campaign dubbed VEILDrive has been observed taking advantage of legitimate services from Microsoft, including Teams, SharePoint, Quick Assist, and OneDrive, as part of its modus operandi. “Leveraging Microsoft SaaS services including Teams, SharePoint, Quick Assist, and OneDrive the attacker exploited the trusted infrastructures of previously compromised organizations to