Cybercriminals are leveraging the TeamFiltration pentesting tool in a widespread campaign against Office 365 accounts, targeting over 80,000 user accounts since December. Attribution points to a group known as UNK_SneakyStrike, deploying attacks on roughly 100 cloud tenants with notable patterns of activity. The misuse of the tool, originally intended for penetration testing, has enabled password spraying, data extraction, and backdoor creation via OneDrive. Researchers at Proofpoint detected unique activity patterns through a simulated user agent, leading to identification of this malicious use across multiple AWS regions, particularly the U.S.
Cybercriminals are increasingly misusing the TeamFiltration pentesting tool for massive campaigns targeting Office 365 accounts, with over 80,000 accounts affected.
Proofpoint's research reveals a patterns in attacks using TeamFiltration, indicating surges of activity interspersed with quiet stretches, particularly affecting both small and large enterprises.
Collection
[
|
...
]