Ongoing Campaign to Take Over Senior Staff Accounts in Azure Cloud


An active cloud account takeover (ATO) campaign has already impacted dozens of Azure environments, compromising hundreds of user accounts on Microsoft’s cloud computing platform.

In late November 2023, Proofpoint researchers discovered an integrated campaign involving cloud ATO and credential phishing. It’s still in operation. Customized phishing baits are used in shared documents, such as embedded links that redirect users to a malicious phishing webpage in addition to the “view document” link. Senior roles like finance managers, account managers, and sales directors are frequently the targets.

According to the researchers, “those targeted included individuals holding executive positions such as vice president, operations,” “chief financial officer & treasurer,” and “president & CEO.”

Read More: Ongoing Azure Cloud Account Takeover Campaign Targeting Senior Personnel

Updates follow us on Google News ITsecuritywire News. Please subscribe to our Newsletter for more updates.