Hacker Group Storm-2949 Steals Azure User Data

The hacker group Storm-2949 recently launched an attack on Microsoft Azure, stealing data from users of the cloud service. The attackers gained access to accounts through the "Self-Service Password Reset" (SSPR) feature. They then manipulated users by posing as support staff and tricked them into confirming multi-factor authentication (MFA). Microsoft Threat Intelligence has described the attack as methodical and multi-layered. The hackers aimed to extract as much sensitive data as possible from the valuable resources of the target organization.

Attackers exfiltrated data from Microsoft 365 applications, file hosting services, and production environments hosted in Azure. After successfully accessing the accounts, the hackers were able to freely siphon off sensitive data. This information could be used for extortion or future attacks. Bleeping Computer reports that the attackers launched a relentless campaign to achieve their objectives. Microsoft has published guidelines on its security blog to help users protect themselves from this type of fraud.

The detailed methodology of the hackers is also described there to assist other organizations in preventing similar attacks. The vulnerability exploited by this attack could have far-reaching consequences for companies reliant on Azure. Microsoft has already taken measures to enhance the security of its services and educate users about the risks. The attackers employed a combination of social engineering and technical exploits to achieve their goals. These tactics are widespread in cybercrime and require companies to maintain constant vigilance and adapt their security strategies.

Incidents underscore the necessity for companies to regularly review and update their security protocols. In particular, training employees to handle suspicious requests and phishing attempts is crucial in preventing such attacks. Microsoft has announced that it will continue to invest in improving its security infrastructure to ensure the protection of user data. The exact number of affected users has not yet been disclosed; however, the threat from such attacks remains high. The vulnerability exploited by the attack could also affect other cloud services, alarming the entire industry. Companies are urged to strengthen their security measures and take proactive steps to protect their data. Microsoft plans to roll out security updates for all affected users by the end of June 2026.