Malware
Bleeping Computer
9.5 — CRITICAL
Microsoft Self-Service Password Reset abused in Azure data theft attacks
A threat actor targeting Microsoft 365 and Azure production environments is stealing data in attacks that abuse legitimate applications and administration features. [...]
🤖 AI Briefing
Auto-generated threat analysis
🔍Threat Overview
Storm-2949, a threat actor targeting Microsoft 365 and Azure production environments, abused legitimate applications and administration features to exfiltrate sensitive data from high-value assets.
⚙️Technical Details
Affected Systems
Microsoft 365
Azure
Attack Vectors
Self-Service Password Reset (SSPR) flow
Microsoft Graph API
OneDrive and SharePoint
Azure RBAC permissions
Key Vaults
Azure SQL servers and Storage accounts
💥Impact Assessment
Severity: critical
Who Is at Risk
Organizations with Microsoft 365 and Azure production environments
Individuals with privileged roles, such as IT personnel or senior leadership
🛡️Recommended Actions
1. Adopt the principle of least privilege
2. Enable conditional access policies
3. Add MFA protection for all users
📦Affected Products
Microsoft 365
Azure
This is a curated summary. The complete article is available at Bleeping Computer.
