"Sloppy Entra ID Credentials Attract Hybrid Cloud Ransomware"

The group, known as "Storm-0501," targets schools, hospitals, and other vulnerable organizations for financial gain. Microsoft Threat Intelligence reports that Storm-0501 has been affiliated with various Ransomware-as-a-Service (RaaS) strains such as "BlackCat/ALPHV," "LockBit," and "Embargo." The ransomware group has changed tactics: instead of just buying initial access from brokers, it now exploits hybrid cloud environments with weak passwords and overprivileged accounts. In one campaign that targeted Entra ID credentials, the group broke into the on-premises environment at a target, then moved into the cloud. This article continues to discuss new findings regarding the Storm-0501 group.

Dark Reading reports "Sloppy Entra ID Credentials Attract Hybrid Cloud Ransomware"

Submitted by grigby1
 

Submitted by Gregory Rigby on