
Microsoft Details Storm-2949 Cloud Attack on Azure and Microsoft 365
Microsoft Threat Intelligence has disclosed details of a cyberattack carried out by a threat actor tracked as Storm-2949. The attack escalated from a targeted identity compromise into a large-scale breach of cloud infrastructure and sensitive enterprise systems. The campaign focused heavily on data theft from Microsoft 365 services, Azure-hosted production environments, and cloud storage resources, demonstrating how compromised identities can become gateways to an organization’s entire cloud ecosystem.
According to Microsoft, the attack unfolded in two primary stages: an initial identity compromise phase followed by a broader cloud infrastructure takeover. Rather than deploying traditional mal...