Dive Brief:
- Financially motivated threat actors have successfully taken over Microsoft Azure environments operated by more than 100 organizations, according to Proofpoint.
- Attackers are targeting individual employees, including executives, using phishing and cloud account takeover techniques to compromise their employer’s Microsoft Azure system, Proofpoint said Monday in a blog post. Microsoft did not respond to requests for comment.
- “While the first signs of this attack were observed in late November, we’ve seen a substantial increase in the number of incidents during December and January,” a spokesperson for Proofpoint researchers said via email.
Dive Insight:
Proofpoint, attributing the attacks to financially motivated threat actors, did not name the organizations impacted by these takeovers.
The ongoing Microsoft Azure account takeover campaign Proofpoint observed includes targeted phishing lures sent to members of the C-suite and employees in sales, finance and account management.
The threat actors behind this campaign have targeted more than 200 organizations affecting approximately 500 user accounts, a Proofpoint spokesperson said.
Once the threat actors gain initial access to a Microsoft Azure environment, they carry out a host of malicious activity, according to Proofpoint, including multifactor authentication manipulation, data theft, follow-on phishing attacks and financial fraud.
The account takeover campaign comes during a period of heightened scrutiny of Microsoft’s internal and external security practices following a state-sponsored attack on senior-level executives and state-linked email hacks against 25 of its customers, including the U.S. State Department.
Microsoft, in response to these high-profile attacks and the criticism engulfing its business, said it is overhauling its cybersecurity strategy inside and out.
Microsoft is a common target for threat actors, largely because of its ubiquity across IT environments. Of the 184 CVEs known to be used in ransomware attacks, more than 2 in 5 are linked to Microsoft products, according to the Cybersecurity and Infrastructure Security Agency’s October analysis of its known exploited vulnerabilities catalog.