1. Forum
  2. tqwNet
  3. TQW GENTECH

  • Microsoft warns hackers are exploiting password resets to gain ac

    From TechnologyDaily@1337:1/100 to All on Wednesday, May 20, 2026 19:15:28
    Microsoft warns hackers are exploiting password resets to gain access to user accounts - here's how to stay safe

    Date:
    Wed, 20 May 2026 18:05:00 +0000

    Description:
    Storm-2949 is engaged in a "methodical, sophisticated, and multi-layered" campaign against Microsoft 365 accounts.

    FULL STORY ======================================================================Copy link Facebook X Whatsapp Reddit Pinterest Flipboard Threads Email Share this article 0 Join the conversation Follow us Add us as a preferred source on Google Newsletter Subscribe to our newsletter Microsoft researchers warn Storm2949 is abusing the SelfService Password Reset flow to hijack accounts Attackers trick victims into approving MFA prompts via phone calls, then
    reset passwords and exfiltrate sensitive data The campaign targets Microsoft 365 and Azure environments, with Microsoft urging tighter RBAC controls and monitoring of highrisk operations A hacking group known as Storm-2949 is abusing the password reset feature in Microsoft s services to steal people's login credentials, access their accounts, and exfiltrate as much sensitive data as possible.

    A new report published by the Microsoft Defender Security Research Team
    claims that at the heart of this campaign is the Self-Service Password Reset (SSPR) flow found in the Microsoft ecosystem. Usually, when an employee forgets their credentials and clicks the Forgot my password button, Microsoft sends an MFA prompt to their registered secondary device. When the employee approves it, they are allowed to set a new password through the same device the process was initiated at first. Latest Videos From You may like New $900-per-month malware service enables widespread account hijacking Microsoft flags major phishing campaign targeting 35,000 users across 26 countries Microsoft flags China-based hackers using vicious new 'rapid attack'
    zero-days to launch ransomware at targets across the world How to defend Storm-2949 was abusing it in highly targeted attacks. First, they would identify their target, obtain their phone number, as well as the email used
    to log into Microsofts services. Then, they would initiate the password reset flow and simultaneously call the victims on the phone.

    They would introduce themselves as IT technicians and would convince the victims into approving the MFA prompt, effectively being allowed to create a new password.

    The next step is to push the victim out of the account and exfiltrate as much information as possible.

    The Microsoft Threat Intelligence team described the campaign as methodical, sophisticated, and multi-layered targeting Microsoft 365 applications, file-hosting services, and Azure -hosted production environments. Are you a pro? Subscribe to our newsletter Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed! Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting
    your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

    In one instance, Storm-2949 used the OneDrive web interface to download thousands of files in a single action to their own infrastructure, Microsoft said. This pattern of data theft was repeated across all compromised user accounts, likely because different identities had access to different folders and shared directories.

    To defend against this campaign, Microsoft suggests users limit Azure RBAC permissions, retain Azure Key Vault logs for a year, reduce access to Key Vault, and restrict public access to Key Vaults. It also advises using data protection options in Azure Storage, and monitoring for high-risk Azure management operations. The best antivirus for all budgets Our top picks,
    based on real-world testing and comparisons

    Read our full guide to the best antivirus 1. Best overall: Bitdefender Total Security 2. Best for families: Norton 360 with LifeLock 3. Best for mobile: McAfee Mobile Security Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds.



    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/microsoft-warns-hackers-are-exploiting- password-resets-to-gain-access-to-user-accounts-heres-how-to-stay-safe


    --- Mystic BBS v1.12 A49 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)