Sujith Quintelier

Data-Exfiltration - 1

2026 (3)

April (2)

security: Cross‑tenant helpdesk impersonation to data exfiltration: A human-operated intrusion playbook

Microsoft Security Blog

2026-04-18

Threat actors are using external Microsoft Teams collaboration to impersonate IT helpdesk staff, trick users into granting remote access, and then abuse legitimate tools and admin protocols for lateral movement and data exfiltration. Microsoft Defender can help detect this activity across Teams, endpoint, and identity telemetry.

security: Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations

Microsoft Security Blog

2026-04-06

Microsoft says Storm-1175 is running fast-moving Medusa ransomware campaigns that exploit recently disclosed vulnerabilities in web-facing systems for initial access, data theft, and ransomware deployment. The actor uses Medusa ransomware, also referred to as Gaze.exe.

March (1)

security: Malicious AI Assistant Extensions Harvest LLM Chat Histories

Microsoft Security Blog

2026-03-05

Microsoft reports a campaign of malicious AI browser extensions that exfiltrated LLM chat histories and browsing data from services including ChatGPT and DeepSeek, affecting large numbers of users and enterprises.
