Microsoft Azure suffers the biggest security breach in its history
Hundreds of accounts belonging to executives have reportedly been compromised.
- February 14, 2024
- Updated: August 6, 2024 at 6:43 AM
Hundreds of accounts on Azure, Microsoft’s cloud service, have reportedly been compromised in a security breach that has exposed critical user data. The cyberattack, which has affected multiple environments, targeted top executives of large companies.
According to the cybersecurity company Proofpoint, the attack is part of the same malicious campaign detected in November 2023, which combines credential theft through phishing with cloud account takeover (ATO). This gives attackers access to OfficeHome and, at the same time, to Microsoft 365 applications.
The hackers allegedly used proxy services to bypass geographical restrictions and mask their true location. To carry out the attack, the cybercriminals embedded links in documents that redirected users to phishing websites. These links often had the anchor text “View document,” which did not raise suspicion.
The attack was meticulously planned and targeted both mid-level and senior employees, although more accounts belonging to the former were compromised. According to Proofpoint, positions such as sales directors, account managers, financial directors, operations vice presidents, presidents, and CEOs were the most common targets. This allowed the attackers to access information across the organization’s levels and domains.
In this type of attack, once the account is compromised, cybercriminals register their own MFA (multifactor authentication) methods to prolong access, for example by adding an alternate mobile number or setting up an authentication app, so that the user cannot regain access. In addition, attackers remove all evidence of suspicious activity to erase their tracks.
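For defenders, the persistence step described above is detectable: a new MFA method registered shortly after a sign-in from a network the user has never used before. The following is an added example, not code from Proofpoint or from this article; the event schema, field names, network labels and sample events are all constructed for illustration and do not reproduce any real Microsoft log format.

```python
from datetime import datetime, timedelta

# Constructed sample events in a simplified, hypothetical schema.
# "network" stands for the ISP or proxy egress observed at sign-in.
EVENTS = [
    {"time": "2024-01-08T09:02:00", "user": "cfo@example.com", "type": "signin", "network": "isp-a"},
    {"time": "2024-01-09T08:55:00", "user": "cfo@example.com", "type": "signin", "network": "isp-a"},
    {"time": "2024-01-10T03:14:00", "user": "cfo@example.com", "type": "signin", "network": "proxy-net-1"},
    {"time": "2024-01-10T03:21:00", "user": "cfo@example.com", "type": "mfa_method_added", "method": "authenticator_app"},
    {"time": "2024-01-09T10:00:00", "user": "sales@example.com", "type": "signin", "network": "isp-b"},
    {"time": "2024-01-11T10:00:00", "user": "sales@example.com", "type": "signin", "network": "isp-b"},
    {"time": "2024-01-11T10:05:00", "user": "sales@example.com", "type": "mfa_method_added", "method": "phone"},
    {"time": "2024-01-07T09:00:00", "user": "ops@example.com", "type": "signin", "network": "isp-c"},
    {"time": "2024-01-10T12:00:00", "user": "ops@example.com", "type": "signin", "network": "proxy-net-2"},
    {"time": "2024-01-12T12:00:00", "user": "ops@example.com", "type": "mfa_method_added", "method": "phone"},
]
BASELINE_END = datetime(2024, 1, 10)  # sign-ins before this build each user's baseline


def flag_mfa_persistence(events, baseline_end, window=timedelta(hours=1)):
    """Return (user, method, network) for MFA methods added within `window`
    of a sign-in from a network outside the user's baseline."""
    known, suspect, alerts = {}, {}, []
    for ev in sorted(events, key=lambda e: e["time"]):
        t = datetime.fromisoformat(ev["time"])
        user = ev["user"]
        if ev["type"] == "signin":
            if t < baseline_end:
                # Baseline period: learn the networks this user normally uses.
                known.setdefault(user, set()).add(ev["network"])
            elif ev["network"] not in known.get(user, set()):
                # Unfamiliar network after the baseline: remember when and where.
                suspect[user] = (t, ev["network"])
        elif ev["type"] == "mfa_method_added" and user in suspect:
            since, network = suspect[user]
            if t - since <= window:
                alerts.append((user, ev["method"], network))
    return alerts


if __name__ == "__main__":
    for alert in flag_mfa_persistence(EVENTS, BASELINE_END):
        print("review MFA change:", alert)
```

A short window keeps noise down but misses attackers who wait before registering their method, so the window should be tuned against how long sessions stay valid in the tenant.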
The objective of these cyberattacks is data theft and financial fraud. Although there is currently no clear evidence to identify the authors of the attacks, it is believed that they originated in Russia and Nigeria, based on the use of local fixed-line ISPs in these regions.