Microsoft Azure, Microsoft’s cloud service, has experienced its largest security breach to date, with hundreds of executive accounts compromised. This breach was part of a cyberattack that targeted high-level employees of big companies, exposing sensitive user data across various sectors.
The attack, identified by cybersecurity firm Proofpoint, utilized phishing techniques and cloud account takeovers similar to those seen in a malicious campaign from November 2023. Hackers used proxy services to hide their locations and embedded phishing links in documents to redirect users to fraudulent websites, often under the guise of viewing a document, to steal credentials.
Targets included mid to senior-level positions, with sales directors, account managers, financial directors, operations VPs, and CEOs among the most affected. This allowed attackers to access a wide range of organizational information. The attackers also implemented measures to maintain access, such as setting up their own multifactor authentication and erasing signs of their intrusion.
The primary goals of these attacks appear to be data theft and financial fraud. While the perpetrators’ identities remain unconfirmed, evidence suggests they may be based in Russia and Nigeria, using local ISPs from these regions.
No