security: How Storm-2949 turned a compromised identity into a cloud-wide breach
Microsoft Security Blog
2026-05-18
Microsoft describes an incident where Storm-2949 used stolen credentials to expand from an identity compromise into a cloud-wide data theft campaign without malware. The post highlights how attackers can abuse trusted systems and avoid detection.