SneakyStrike Scandal: 80,000 Microsoft Entra ID Accounts Hijacked by TeamFiltration Hackers!

Hackers are using the TeamFiltration framework to target over 80,000 Microsoft Entra ID accounts. The campaign, led by the threat actor UNK_SneakyStrike, has resulted in multiple account hijackings. Organizations should be wary and take steps to secure their systems against these crafty cyber-intruders.


Hot Take:

Who knew that hackers were such big fans of “Team Building” exercises? In their latest escapade, they’ve taken it a bit too literally by “building” their teams with over 80,000 Microsoft Entra ID accounts. At this rate, they’ll need an HR department to manage all the stolen identities!

Key Points:

  • Hackers exploit TeamFiltration to target over 80,000 Microsoft Entra ID accounts.
  • The campaign, led by UNK_SneakyStrike, peaked on January 8 with 16,500 accounts targeted in a single day.
  • TeamFiltration, published in 2022, is a red-team tool used for large-scale attacks on Office 365 accounts.
  • Proofpoint researchers traced the attacks to specific user agents and OAuth client IDs used by TeamFiltration.
  • Organizations are advised to block suspicious IPs, enable multi-factor authentication, and enforce OAuth 2.0.
