More than 80,000 Microsoft Entra ID accounts hit by password-spraying attacks
- Hackers abuse a legitimate tool to target Entra ID accounts
- The password spray attack was aimed at around 80,000 accounts
- Attackers managed to take over some accounts and gain access to Microsoft Teams, OneDrive and Outlook data
Cybercriminals have been spotted abusing a legitimate penetration testing tool to target people's Entra ID user accounts with password-spraying attacks, experts have warned.
In an in-depth analysis shared with TechRadar Pro, cybersecurity researchers from Proofpoint claimed that tens of thousands of accounts were targeted and a few were compromised.
The researchers said that unnamed threat actors took part in a large-scale campaign that they have dubbed UNK_SneakyStrike.
“Different” accounts are compromised
In this campaign, the attackers used a legitimate pentesting tool called TeamFiltration.
This tool was created by a threat researcher at the beginning of 2021 and publicly released at DEF CON 30. It helps automate various tactics, techniques and procedures (TTPs) that are used in modern account takeover (ATO) attack chains.
“As with many security aids that are originally made and released for legitimate use, such as penetration tests and risk evaluation, TeamFiltration was also used in malignant activity,” Proofpoint explained.
The researchers said the campaign probably started in December 2024. By abusing the Microsoft Teams API and Amazon Web Services (AWS) servers around the world, the attackers were able to launch user enumeration and password-spraying attacks aimed at around 80,000 user accounts across around 100 cloud tenants.
The three primary source locations from which the attacks originated are the United States (42%), Ireland (11%) and Great Britain (8%).
Proofpoint said that in “different cases” the attackers managed to take over the accounts, gaining access to valuable information in Microsoft Teams, OneDrive, Outlook and other productivity tools.
There was no attribution, so we don’t know whether an organized threat actor is behind this campaign. The researchers focused primarily on the use of legitimate tools for illegal purposes, and said they “can easily be armed” in an attempt to compromise user accounts, exfiltrate sensitive data and establish persistent footholds.
“Proofpoint anticipates that threat actors will increasingly take on advanced burglary tools and platforms, such as TeamFiltration, because they run away from less effective burglary methods.”