Using the Duo Admin API to Gather Cross-tenant Administrator Email Addresses

tl;dr — A threat actor can create a free Duo tenant, upgrade to a trial premium service plan to create an Admin API, and programmatically identify valid cross-tenant (within the same Duo deployment instance) Administrator email accounts to use in targeted phishing campaigns.

Duo Admin API Overview