Executives in Microsoft Azure Targeted in Account Takeover Campaign

A recent phishing campaign targeting senior corporate accounts in Microsoft Azure environments has researchers concerned. The campaign, which appears to be financially motivated, has compromised hundreds of user accounts across multiple Microsoft Azure environments. Proofpoint researchers, who discovered the campaign, found that the hackers are using individualized phishing lures to target sales directors, account managers, finance managers, and individuals with titles such as “vice president, operations” or “president & CEO.”

The phishing lures include shared documents containing links that redirect users to a malicious phishing webpage. In one incident, the researchers identified dozens of compromised U.K.- and U.S.-based employees, including external contractors, at a leading American company in the consumer goods sector.

To evade detection, the threat actors behind the campaign route their traffic through proxies located in the same geographic region as their victims, which lets them circumvent geofencing policies that restrict logins from suspect locations. These proxies are provided by Russia-based Selena Telecom LLC and Nigerian providers Airtel Networks Limited and MTN Nigeria Communication Limited.

The researchers also noted that the threat actor uses a particular user agent string, one that indicates a Chrome browser on a Linux desktop, when accessing the Office365 logon portal or the Microsoft “My Sign-Ins” app. The attackers use sessions carrying this string to register their own multifactor authentication method on the compromised accounts.

Furthermore, the attackers have been found to download files containing financial assets, internal security protocols, and user credentials. They also use compromised email accounts to send additional personalized phishing emails and contact financial departments to perpetrate fraud.

The extensive range of post-compromise activities suggests an increasing level of sophistication on the part of the attackers, according to Proofpoint. In most cases, the attackers register their own authenticator app and add new sign-in methods, such as a new telephone number, to receive a one-time code.

“While attackers may appear opportunistic in their approach, the extensive range of post-compromise activities suggests an increasing level of sophistication,” Proofpoint told Information Security Media Group.
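The behaviour described above (a Chrome-on-Linux sign-in to the Office365 logon portal or “My Sign-Ins”, followed by a new MFA method) can be turned into a simple correlation rule. The sketch below is an added example, not code from Proofpoint or from this article; the event field names, the one-hour window, the generic user-agent heuristic and the sample records are all assumptions, since the article does not publish the exact string.

```python
from datetime import datetime, timedelta

WATCHED_APPS = {"Office365 logon portal", "My Sign-Ins"}  # names as given in the article
WINDOW = timedelta(hours=1)  # assumed correlation window

def is_linux_chrome(ua):
    """Generic heuristic; the campaign's exact string is not on the page."""
    return "X11; Linux" in ua and "Chrome/" in ua

def find_suspicious_mfa_changes(events, linux_users=frozenset()):
    """Return (user, signin_time, method) for MFA methods added within WINDOW
    after a Linux/Chrome sign-in to a watched app, skipping known Linux users."""
    last_hit = {}  # user -> time of the most recent matching sign-in
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if ev["type"] == "signin":
            if (ev["app"] in WATCHED_APPS and is_linux_chrome(ev["ua"])
                    and user not in linux_users):
                last_hit[user] = t
        elif ev["type"] == "mfa_method_added":
            seen = last_hit.get(user)
            if seen is not None and t - seen <= WINDOW:
                alerts.append((user, seen.isoformat(), ev["method"]))
    return alerts

# Constructed sample data; field names are hypothetical, not a real log schema.
LINUX_UA = "Mozilla/5.0 (X11; Linux x86_64) Chrome/100.0 Safari/537.36"
WIN_UA = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/100.0 Safari/537.36"

def _signin(time, user, app, ua):
    return {"time": time, "user": user, "type": "signin", "app": app, "ua": ua}

def _mfa(time, user, method):
    return {"time": time, "user": user, "type": "mfa_method_added", "method": method}

SAMPLE = [
    _signin("2024-02-01T09:00:00", "cfo@example.com", "My Sign-Ins", LINUX_UA),
    _mfa("2024-02-01T09:05:00", "cfo@example.com", "authenticator app"),
    _signin("2024-02-01T10:00:00", "vp@example.com", "My Sign-Ins", WIN_UA),
    _mfa("2024-02-01T10:02:00", "vp@example.com", "phone number"),
    _signin("2024-02-01T11:00:00", "dev@example.com", "My Sign-Ins", LINUX_UA),
    _mfa("2024-02-01T11:03:00", "dev@example.com", "phone number"),
    _signin("2024-02-01T08:00:00", "sales@example.com", "Office365 logon portal", LINUX_UA),
    _mfa("2024-02-01T12:00:00", "sales@example.com", "authenticator app"),
]

if __name__ == "__main__":
    for alert in find_suspicious_mfa_changes(SAMPLE, {"dev@example.com"}):
        print("review MFA change:", alert)
```

Passing a baseline of users who legitimately work from Linux desktops keeps the rule from firing on them; without it, the same heuristic also flags `dev@example.com`.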

This still-active phishing campaign is a cause for concern and serves as a reminder for organizations to remain vigilant against such targeted attacks. It also highlights the need for robust email security measures and employee training to recognize and avoid falling victim to phishing attempts.

The researchers did not attribute the campaign to a specific threat actor, but it is evident that the attackers are using increasingly sophisticated methods to gain access to sensitive information and perpetrate fraud. Therefore, it is crucial for organizations to continually assess and improve their cybersecurity defenses to stay one step ahead of malicious actors.
