Hackers are currently running a sophisticated campaign targeting senior figures within various organizations. Their goal is to hijack Azure Cloud accounts and gain unauthorized access to sensitive data.
The hackers initially lure their victims with personalized shared documents that contain malicious links. These links redirect unsuspecting users to fake login pages designed to steal account credentials.
Once they have the stolen login information, the hackers register their own multi-factor authentication methods. This locks the legitimate user out and gives the hackers full control over the compromised account.
With access secured, hackers download confidential files, target other employees using the victim’s email, engage in financial fraud, and actively try to hide their tracks.
Security experts have linked these attacks to proxy services that mask the hackers’ locations. Some of the internet service providers involved are based in Russia and Nigeria.
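A defender-side check for the pattern described above, where a new multi-factor authentication method is registered shortly after a sign-in from a location the user has never used. This is an added example, not code from the article or from Microsoft; the event field names and the sample events are constructed assumptions and would need mapping to your own sign-in and audit logs.

```python
from datetime import datetime, timedelta

# Constructed sample events. Field names and values are assumptions for
# illustration, not a real Azure log schema.
EVENTS = [
    {"time": "2024-02-01T08:00:00", "user": "cfo@example.com", "type": "signin", "country": "GB"},
    {"time": "2024-02-02T08:05:00", "user": "cfo@example.com", "type": "signin", "country": "GB"},
    {"time": "2024-02-03T10:00:00", "user": "cfo@example.com", "type": "signin", "country": "NG"},
    {"time": "2024-02-03T10:07:00", "user": "cfo@example.com", "type": "mfa_method_registered"},
    {"time": "2024-02-01T09:00:00", "user": "dev@example.com", "type": "signin", "country": "US"},
    {"time": "2024-02-01T09:05:00", "user": "dev@example.com", "type": "mfa_method_registered"},
    {"time": "2024-02-01T07:00:00", "user": "vp@example.com", "type": "signin", "country": "DE"},
    {"time": "2024-02-02T07:00:00", "user": "vp@example.com", "type": "signin", "country": "FR"},
    {"time": "2024-02-05T07:00:00", "user": "vp@example.com", "type": "mfa_method_registered"},
]


def find_suspicious_mfa_registrations(events, window=timedelta(hours=24)):
    """Flag MFA registrations within `window` of a sign-in from a country
    the user has not signed in from before."""
    known = {}   # user -> countries seen so far
    recent = {}  # user -> (time, country) of latest new-country sign-in
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if ev["type"] == "signin":
            countries = known.setdefault(user, set())
            # The first sign-in only sets the baseline; later new countries are noted.
            if countries and ev["country"] not in countries:
                recent[user] = (when, ev["country"])
            countries.add(ev["country"])
        elif ev["type"] == "mfa_method_registered" and user in recent:
            seen_at, country = recent[user]
            if when - seen_at <= window:
                minutes = int((when - seen_at).total_seconds() // 60)
                alerts.append({"user": user, "country": country,
                               "minutes_after_signin": minutes})
    return alerts


if __name__ == "__main__":
    for alert in find_suspicious_mfa_registrations(EVENTS):
        print(alert)
```

Country is a weak signal when attackers use proxy services, so in practice the same correlation is worth running on network provider or device as well.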