A new Microsoft Azure hacking campaign is targeting high-end executives
Hackers are going after highly-positioned professionals, including senior executives, with targeted phishing and cloud account takeover attacks, new research has claimed.
A report from Proofpoint outlined a new campaign to compromise Microsoft Azure environments and cloud accounts since late November 2023.
The unnamed threat actors were seen to be distributing individualized phishing lures within shared documents. Some of the documents, the researchers state, include embedded links to “View document” which just redirect the victims to a malicious phishing page that steals people’s login credentials.
Stealing data and covering their tracks
While the hackers seem to be casting a relatively wide net they’re still going after managers and the C-suite, with frequent targets being Sales Directors, Account Managers, and Finance Managers, and individuals holding executive positions such as “Vice President, Operations”, “Chief Financial Officer & Treasurer” and “President & CEO”.
If they succeed in breaching their targets’ cloud environments, the hackers do a number of things, from setting up their own multi-factor authentication, to maintain persistence, to data exfiltration. In some cases, they also use their position to engage in Business Email Compromise (BEC) and conduct wire fraud, by sending HR and Finance departments requests for payment.
Finally, they set up different mailbox rules to cover their tracks and erase any evidence of their presence from the target network.
While the hackers’ infrastructure included “several proxies, data hosting services and hijacked domains”, they also used local fixed-line ISPs which gave the researchers a lead on their location. Some of these non-proxy sources include the Russia-based ‘Selena Telecom LLC’, and Nigerian providers ‘Airtel Networks Limited’ and ‘MTN Nigeria Communication Limited,’ leading Proofpoint to surmise that the attackers could be Russian and Nigerian in origin.
However, it is worth mentioning that Proofpoint has not yet attributed this campaign to any particular threat actor.
More from TechRadar Pro
Hackers are going after highly-positioned professionals, including senior executives, with targeted phishing and cloud account takeover attacks, new research has claimed. A report from Proofpoint outlined a new campaign to compromise Microsoft Azure environments and cloud accounts since late November 2023. The unnamed threat actors were seen to be distributing…
Recent Posts
- Amazfit’s new low-cost wearable packs in a big display and 26 days of battery life
- As Questions Swirl Around Tesla’s Superchargers, the Race Is On to Fill the Power Gap
- Asus won’t say if the ROG Ally’s SD card reader will ever be truly fixed
- Quordle today – hints and answers for Thursday, May 2 (game #829)
- NYT Strands today — hints, answers and spangram for Thursday, May 2 (game #60)
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011