- Hackers are abusing a legitimate tool to target Entra ID accounts
- The password spray attack was aimed at about 80,000 accounts
- The attackers managed to take over some accounts, accessing data in Microsoft, OneDrive and Outlook
Cybercriminals have been abusing a legitimate penetration testing tool to target Entra ID user accounts with password attacks, experts have warned.
In an in-depth analysis shared with TechRadar Pro, Proofpoint cybersecurity researchers said that tens of thousands of accounts were attacked and some were compromised.
The researchers said that unidentified threat actors engaged in a large-scale attack campaign called UNK_SneakyStrike.
“Several” compromised accounts
In this campaign, the attackers used a legitimate tool called TeamFiltration.
This tool was created by a threat researcher at the beginning of 2021 and publicly released at DEF CON 30. It helps automate several tactics, techniques and procedures (TTPs) used in modern account takeover (ATO) attack chains.
“As with many safety tools that are originally created and released for legitimate uses, such as penetration and risk assessment tests, TeamFiltration was also used in malicious activities,” Proofpoint explained.
The researchers said the campaign probably began in December 2024. By abusing Microsoft Teams and Amazon Web Services (AWS) API servers located worldwide, the attackers could launch user enumeration and password spraying attacks, targeting about 80,000 user accounts in approximately 100 cloud tenants.
The three main source geographies of the attacks are the United States (42%), Ireland (11%) and Great Britain (8%).
Proofpoint said that in “several cases,” the attackers managed to take over the accounts, accessing valuable information in Microsoft, OneDrive, Outlook and other productivity tools.
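A defender-side sketch of how the pattern described above shows up in sign-in logs, added here as an example and not taken from Proofpoint's analysis or from TeamFiltration. It counts failures tenant-wide so that attempts spread over many cloud addresses still add up, then lists sprayed accounts that later sign in from a spraying address. The record fields, thresholds and sample records are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

T0 = datetime(2025, 1, 6, 9, 0)

def rec(minute, user, ip, ok=False):
    """Build one constructed sign-in record (not real log data)."""
    return {"time": T0 + timedelta(minutes=minute), "user": user, "ip": ip, "ok": ok}

# Constructed sample: a spray across 12 accounts from rotating addresses,
# one sprayed account that then signs in, and an ordinary user mistyping.
SAMPLE = (
    [rec(i, f"user{i:02d}@example.com", f"198.51.100.{i // 3}") for i in range(12)]
    + [rec(12, "user07@example.com", "198.51.100.3", ok=True)]
    + [rec(m, "alice@example.com", "203.0.113.5") for m in (1, 2, 3)]
    + [rec(4, "alice@example.com", "203.0.113.5", ok=True)]
)

def detect_spray(records, window=timedelta(minutes=30), min_users=10, max_per_user=2):
    """Return windows in which many distinct accounts each fail only a few times.

    Failures are counted tenant-wide, not per source IP, so attempts spread
    over many cloud addresses still add up to one event.
    """
    fails = sorted((r for r in records if not r["ok"]), key=lambda r: r["time"])
    alerts, i = [], 0
    while i < len(fails):
        batch = [r for r in fails[i:] if r["time"] < fails[i]["time"] + window]
        counts = Counter(r["user"] for r in batch)
        users = {u for u, n in counts.items() if n <= max_per_user}
        if len(users) >= min_users:
            ips = {r["ip"] for r in batch if r["user"] in users}
            alerts.append({"start": fails[i]["time"], "users": users, "ips": ips})
            i += len(batch)  # this window is reported; continue after it
        else:
            i += 1
    return alerts

def likely_takeovers(records, alerts, grace=timedelta(hours=1)):
    """Sprayed accounts that later sign in successfully from a spraying address."""
    return {
        r["user"]
        for a in alerts
        for r in records
        if r["ok"] and r["user"] in a["users"] and r["ip"] in a["ips"]
        and a["start"] <= r["time"] <= a["start"] + grace
    }
```

The per-account ceiling (`max_per_user`) is what keeps a single user's repeated typos out of the alert; tune it and `min_users` to the tenant's normal failure rate.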
There was no attribution, so we do not know whether any organized threat actor is behind this campaign. The researchers focused mainly on the use of legitimate tools for illegitimate purposes, saying that they can “be easily armed” in an attempt to compromise user accounts, exfiltrate confidential data and establish persistent footholds.
“Proofpoint anticipates that threat actors will adopt more and more advanced intrusion tools and platforms, such as TeamFiltration, as they pivot away from less effective intrusion methods.”