A new account takeover (ATO) campaign, codenamed UNK_SneakyStrike, uses the TeamFiltration framework to target Microsoft Entra ID accounts, affecting over 80,000 users since December 2024. The attackers carry out enumeration and password spraying while exploiting Microsoft resources, including Teams and Outlook. TeamFiltration, an open-source tool, facilitates these takeovers by enabling attackers to access and exfiltrate data. Researchers traced the operations to multiple geographies and emphasize the robust techniques the attackers use to disguise their activity through a network of AWS servers, marking a notable rise in cloud-based security threats.
The UNK_SneakyStrike campaign involves over 80,000 targeted Microsoft Entra ID accounts, leveraging the TeamFiltration framework for sophisticated account takeovers.
Researchers noted that attackers exploit native Microsoft applications and utilize AWS servers for geographic cover in their attempts to breach accounts.