Read at Ars Technica
Unknown attackers are targeting hundreds of Microsoft Azure accounts, including those of senior executives, in an ongoing campaign to steal sensitive data and financial assets from dozens of organizations. The attackers use phishing techniques and account takeovers to compromise the targeted accounts. They send emails to account owners with individualized phishing lures embedded with links that redirect users to phishing webpages. Once the accounts are compromised, the attackers secure them by enrolling them in various forms of multifactor authentication, making it harder for victims to change passwords or access dashboards.
The campaign attempts to compromise targeted Azure environments by sending account owners emails that integrate techniques for credential phishing and account takeovers.
The attackers target a wide range of individuals with diverse titles across different organizations. The affected user base includes Sales Directors, Account Managers, and Finance Managers, as well as executive positions such as "Vice President, Operations", "Chief Financial Officer & Treasurer", and "President & CEO". After compromising the accounts, the attackers download sensitive files, such as financial assets, and exfiltrate the data. They also employ authenticator apps with notifications and code for multifactor authentication.
Threat actors seemingly direct their focus toward a wide range of individuals holding diverse titles across different organizations, impacting hundreds of users globally.
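
Defenders can hunt for the post-compromise step described above: an MFA method registered shortly after a sign-in from a location not previously seen for that user. The sketch below is an added example, not part of the article; the event schema, field names, and sample records are constructed assumptions and do not reproduce the actual Microsoft log format.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema.
EVENTS = [
    {"time": "2024-02-01T08:02:00", "user": "cfo@example.com", "type": "signin", "ip": "198.51.100.7", "country": "US"},
    {"time": "2024-02-02T08:10:00", "user": "cfo@example.com", "type": "signin", "ip": "198.51.100.7", "country": "US"},
    {"time": "2024-02-03T03:15:00", "user": "cfo@example.com", "type": "signin", "ip": "203.0.113.50", "country": "ZZ"},
    {"time": "2024-02-03T03:21:00", "user": "cfo@example.com", "type": "mfa_registered", "method": "authenticator app (notification and code)"},
    {"time": "2024-02-01T09:00:00", "user": "sales@example.com", "type": "signin", "ip": "198.51.100.9", "country": "US"},
    {"time": "2024-02-01T10:00:00", "user": "sales@example.com", "type": "mfa_registered", "method": "authenticator app (notification and code)"},
    {"time": "2024-02-01T09:30:00", "user": "fin@example.com", "type": "signin", "ip": "198.51.100.11", "country": "US"},
    {"time": "2024-02-02T10:00:00", "user": "fin@example.com", "type": "signin", "ip": "203.0.113.60", "country": "ZZ"},
    {"time": "2024-02-05T10:00:00", "user": "fin@example.com", "type": "mfa_registered", "method": "sms"},
]

def find_suspicious_mfa_enrollments(events, window=timedelta(hours=24)):
    """Flag MFA registrations within `window` of a sign-in from a country
    that was new for that user. A user's first-ever sign-in only builds the
    baseline and is never flagged on its own."""
    seen = {}    # user -> countries observed so far
    risky = {}   # user -> (time, ip, country) of latest new-country sign-in
    alerts = []
    # ISO-8601 timestamps in one format sort correctly as strings.
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if ev["type"] == "signin":
            known = seen.setdefault(user, set())
            if known and ev["country"] not in known:
                risky[user] = (t, ev["ip"], ev["country"])
            known.add(ev["country"])
        elif ev["type"] == "mfa_registered":
            hit = risky.get(user)
            if hit and t - hit[0] <= window:
                alerts.append({
                    "user": user,
                    "method": ev["method"],
                    "signin_ip": hit[1],
                    "signin_country": hit[2],
                    "minutes_after_signin": int((t - hit[0]).total_seconds() // 60),
                })
    return alerts

if __name__ == "__main__":
    for alert in find_suspicious_mfa_enrollments(EVENTS):
        print(alert)
```

A hit is a triage lead rather than proof of compromise, since a travelling user who re-enrolls a phone produces the same pattern.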