Slack organization created
Description
AlphaSOC detected the creation of a new Slack organization using the
organization_created action. Threat actors may establish new Slack
organizations to maintain persistence in the environment.
Impact
The creation of an unauthorized Slack organization enables prolonged adversary access to your environment. This poses significant security risks including unauthorized access to sensitive data, potential data exfiltration channels, and modifications to user permissions.
Severity
| Severity | Condition |
|---|---|
Informational | Slack organization created |
Investigation and Remediation
Investigate the legitimacy of the newly created Slack organization. If the organization creation was unauthorized, disable it and rotate any potentially compromised credentials.