Ongoing Azure compromises target senior execs, Microsoft 365 apps


Dozens of environments and hundreds of individual user accounts have already been compromised in an ongoing campaign targeting Microsoft Azure corporate clouds.

In some ways the activity is scattershot, involving data exfiltration, financial fraud, impersonation, and more against organizations in a wide variety of geographic regions and industry verticals. It is also finely honed, with tailor-made phishing directed at highly strategic individuals along the corporate ladder.

“While attackers may appear opportunistic in their approach, the extensive range of post-compromise activities suggests an increasing level of sophistication,” a Proofpoint representative tells Dark Reading. “We acknowledge that threat actors demonstrate adaptability by selecting appropriate tools, tactics, and procedures (TTPs) from a diverse toolkit to suit each unique circumstance. This adaptability reflects a growing trend within the cloud threat landscape.”

Corporate Cloud Compromise

The ongoing activity dates back at least a few months to November, when researchers first spotted suspicious emails containing shared documents.

The documents typically use individualized phishing lures and, often, embedded links that redirect to malicious phishing pages. The goal in each case is to obtain Microsoft 365 login credentials.

What stands out is the diligence with which the attacks target different employees within organizations, each of whom offers a different kind of leverage.

To read the complete article, visit Dark Reading.
