An ongoing campaign targeting Microsoft Azure corporate clouds has already compromised dozens of environments and hundreds of individuals. The activity includes data exfiltration, financial fraud, and impersonation, among others, across a variety of organizations in different geographic regions and industry verticals. The phishing, however, is directed at highly strategic individuals in each organization.
The breadth of organizations targeted makes the attackers appear opportunistic; however, the range of post-compromise activities shows a level of sophistication. The attackers adapt by using different tools, tactics and procedures for each circumstance. The ongoing activity started in November, when researchers spotted suspicious emails containing shared documents. The documents use phishing lures and embedded links that redirect to malicious phishing pages. The goal of the emails is to obtain Microsoft 365 login credentials.
Read More: Ongoing Azure Compromises Target Senior Execs, Microsoft 365 Apps