Hundreds of Azure cloud accounts compromised, senior execs targeted in latest breach
It’s ongoing and the scale may be higher
Published on February 13, 2024
As per emerging reports, hundreds of Microsoft Azure accounts have been compromised in an ongoing breach, and critical data has been stolen. This has reportedly affected dozens of environments, and senior executives across several major corporations have been targeted.
According to cybersecurity firm Proofpoint, the breach is using the same malicious campaign detected in November 2023, which integrates credential phishing and cloud account takeover (CTO) methods. It helps attackers gain access to OfficeHome and, in turn, the Microsoft 365 apps.
Threat actors are found to have employed proxy services to bypass geographical restrictions as well as mask their true location.
How did the breach happen?
The attackers embedded links into documents, which redirected users to phishing websites. These links usually had "View Document" as the anchor text, which didn’t raise any suspicion.
The attack was meticulously planned and targeted both mid-level and senior employees, though more accounts belonging to the former were compromised.
As per Proofpoint, roles such as Sales Directors, Account Managers, Finance Managers, Vice President (Operations), Chief Financial Officer & Treasurer, and President & CEO were the common targets.
This allowed the attackers to access information across levels and domains in the organizations.
In such attacks, once the account is compromised, threat actors deploy their own MFA (multi-factor authentication) for prolonged access, say by adding an alternate mobile number or setting up an authenticator app, so that the user can’t regain access.
Besides, attackers remove all evidence of suspicious activity to clear their tracks.
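A detection example for the persistence step described above, added here and not taken from Proofpoint or Microsoft: it flags a new MFA method registered shortly after a sign-in from a network origin not previously seen for that user. The event schema, field names, 24-hour window and sample records are all constructed assumptions for illustration.

```python
from datetime import datetime, timedelta

# Constructed events in a simplified, hypothetical schema (not a real log export).
# ASNs come from the range reserved for documentation.
EVENTS = [
    {"time": "2024-02-01T08:00:00", "user": "cfo@example.com", "type": "signin", "country": "US", "asn": 64500},
    {"time": "2024-02-02T08:05:00", "user": "cfo@example.com", "type": "signin", "country": "US", "asn": 64500},
    {"time": "2024-02-05T03:10:00", "user": "cfo@example.com", "type": "signin", "country": "DE", "asn": 64511},
    {"time": "2024-02-05T03:25:00", "user": "cfo@example.com", "type": "mfa_method_added", "method": "authenticator_app"},
    {"time": "2024-02-01T09:00:00", "user": "sales@example.com", "type": "signin", "country": "US", "asn": 64501},
    {"time": "2024-02-03T10:00:00", "user": "sales@example.com", "type": "mfa_method_added", "method": "phone"},
    {"time": "2024-02-01T09:00:00", "user": "am@example.com", "type": "signin", "country": "US", "asn": 64502},
    {"time": "2024-02-02T09:00:00", "user": "am@example.com", "type": "signin", "country": "FR", "asn": 64503},
    {"time": "2024-02-06T09:00:00", "user": "am@example.com", "type": "mfa_method_added", "method": "phone"},
]

WINDOW = timedelta(hours=24)  # assumed correlation window


def find_suspicious_mfa_changes(events, window=WINDOW):
    """Return MFA registrations that follow a sign-in from an unseen origin within `window`."""
    known_origins = {}   # user -> set of (country, asn) already observed
    new_origin_at = {}   # user -> (time of latest new-origin sign-in, origin)
    alerts = []
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        user, when = ev["user"], datetime.fromisoformat(ev["time"])
        if ev["type"] == "signin":
            origin = (ev["country"], ev["asn"])
            known = known_origins.setdefault(user, set())
            # The first sign-in only seeds the baseline; later unseen origins are tracked.
            if known and origin not in known:
                new_origin_at[user] = (when, origin)
            known.add(origin)
        elif ev["type"] == "mfa_method_added" and user in new_origin_at:
            signin_time, origin = new_origin_at[user]
            if when - signin_time <= window:
                alerts.append({
                    "user": user,
                    "method": ev["method"],
                    "origin": origin,
                    "minutes_after_signin": int((when - signin_time).total_seconds() // 60),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_mfa_changes(EVENTS):
        print(alert)
```

Because the article notes that the attackers remove evidence of their activity, a check like this is best run against logs forwarded to a store the compromised account cannot modify.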
These attacks are aimed at data theft and committing financial fraud. While there is no clear evidence, as of now, to identify the threat actors, it’s believed that these attacks originated from Russia and Nigeria, based on the use of local fixed-line ISPs from these regions.
At present, it’s recommended affected users change their passwords right away, if possible, and that organizations strictly enforce a periodic password change policy.
In the long run, organizations can employ security solutions to bolster the security infrastructure in a bid to thwart such attacks.
Kazim Ali Alvi
Windows Hardware Expert