Hackers Abuse Microsoft Entra ID Accounts to Exfiltrate Microsoft 365 and Azure Data

By Tushar Subhra Dutta
Publication Date: 2026-05-19 06:59:00

A threat actor known as Storm-2949 has launched a sophisticated, multi-layered cloud attack campaign targeting Microsoft Entra ID accounts to steal sensitive data from Microsoft 365 and Azure environments.

The campaign was recently uncovered and has raised serious concerns about how modern attackers can abuse legitimate cloud features to carry out large-scale data theft across organizations.

What makes this attack stand out is that it did not rely on traditional malware or device-level exploits. Instead, the attackers used legitimate Microsoft cloud management tools and administrative features to silently move through an organization’s entire cloud infrastructure.

Sensitive files, database credentials, application secrets, and stored data all fell into the attackers’ hands.

Microsoft said in a report shared with Cyber Security News (CSN) that Storm-2949 executed a relentless campaign focused on exfiltrating as much sensitive data as possible from a target…