Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365
ID: b388553a-ceab-5af7-a631-ef98b8682b55
STIX ID: report--b388553a-ceab-5af7-a631-ef98b8682b55
Feed Name: The Cyber Express
Microsoft Threat Intelligence details a Storm-2949 campaign that abused MFA-reset social engineering to hijack privileged Microsoft 365/Entra identities. The actor then leveraged Azure management-plane features (Key Vault access, App Service publish profiles/Kudu, Storage/SQL management operations, VM extensions and Run Command) and legitimate administration tools (OAuth and secret-based auth, ScreenConnect) to gain persistent access and exfiltrate sensitive data from production cloud resources.
