A new and deeply concerning evolution in cyberattack methodology is putting Microsoft Entra ID (formerly known as Azure Active Directory) users and organizations at unprecedented risk. This surge in account takeover (ATO) campaigns exploits TeamFiltration—a legitimate penetration testing tool whose original purpose is to empower defenders—to infiltrate cloud identities. Recent revelations from cybersecurity researchers reveal that more than 80,000 user accounts across hundreds of global organizations have been targeted by this campaign, which features a disturbing blend of stealth, automation, and cloud-based agility.
TeamFiltration: Security Tool Turned Threat Vector
At its core, TeamFiltration is a multi-faceted, cross-platform penetration testing framework. Security professionals typically deploy it during red team exercises to simulate a range of post-exploitation activities within Office 365 and Entra ID environments. Its legitimate functions encompass:
- User enumeration and credential harvesting
- Password spraying (testing many accounts with a few passwords)
- Automated data extraction from Microsoft services including Outlook, Teams, and OneDrive
- Account persistence tactics (backdooring), allowing for repeated or undetected access
Original Purpose and Red Team Utility
The intention behind TeamFiltration’s creation was to provide red teams and cloud assessors with a comprehensive toolkit capable of testing modern identity defenses. Unlike traditional penetration testing suites geared toward on-premises infrastructure, TeamFiltration thrives in cloud-native environments, adapting to the complexities and integrated services of the Microsoft 365 ecosystem. Its features mirror what a skilled attacker might do after achieving an initial breach, giving defenders a realistic simulation of cloud credential theft, lateral movement, and data exfiltration risks.
Discovery of the UNK_SneakyStrike Campaign
According to a detailed report from Proofpoint, the TeamFiltration-fueled campaign—dubbed UNK_SneakyStrike—was first observed in December 2024 and swiftly escalated in both sophistication and scale. The attackers capitalized on a combination of Microsoft Teams APIs and a diffuse infrastructure of Amazon Web Services (AWS) servers. By systematically rotating AWS regions, the threat actors ensured each wave of password spraying originated from fresh, globally distributed infrastructure. This tactic greatly complicated detection efforts, as organizations saw login attempts coming from hundreds of distinct addresses spanning over 100 AWS cloud tenants.
Technical Details: How the Attack Unfolds
The attack flow starts with automated account enumeration—TeamFiltration queries Entra ID tenants for valid usernames, identifying targets for credential attacks. Following enumeration, the tool initiates password spraying, a technique that avoids account lockouts by slowly, systematically trying a small set of passwords against many accounts.
When TeamFiltration successfully compromises an account, the tool moves seamlessly to the next phase: persistence and lateral movement. Here, the attackers exploit a feature in Microsoft’s OAuth implementation called “Family Refresh Tokens” (FRTs). Traditionally, OAuth authorization tokens provide single-service access for a fixed lifetime. FRTs, however, allow tokens to be shared across related applications—meaning a breach of one service potentially grants access to a much broader swath of the user’s digital environment. If a malicious actor snags an FRT from Outlook, for instance, the same token could let them control Teams, OneDrive, and other services tethered to the same account.
Data Exfiltration and Automation
Perhaps the most dangerous aspect of TeamFiltration’s abuse lies in its full-spectrum automation. Upon gaining account access, the tool is programmed to extract high-value data instantly. Entire Teams chat logs, file repositories, and contact lists can be siphoned without requiring human intervention, drastically reducing the window for organizations to detect and contain the intrusion. This automation enables malicious actors to run large-scale, continuous operations with minimal oversight.
Widespread Impact: By the Numbers
Proofpoint’s analysis indicates that the campaign peaked in January 2025, though it had already compromised tens of thousands of accounts across corporate, governmental, and nonprofit sectors. Most malicious login origin points were traced to AWS infrastructure—a full 42% emerging from the United States, followed by Ireland at 11% and the United Kingdom at 8%. These numbers underscore both the reach and the agility of attackers who exploited the global cloud to “hide in plain sight.”
Though public reports center on the 80,000 targeted accounts, the true extent is likely higher. The decentralized nature of the attacks, combined with silent failure modes (where victims have little to no evidence of compromise), greatly increases the challenges in scope assessment. Security teams globally should interpret these figures as a warning; cloud-based identity attacks are industrial in scale, and no organization integrated with Entra ID is immune.
Bypassing Modern Defenses: Why Traditional Controls Fail
Historically, organizations have relied on a core set of security defenses—multi-factor authentication (MFA), geo-fencing, and anomalous login detection—to safeguard accounts. TeamFiltration, as deployed by these attackers, illustrates how cutting-edge tools can undermine even advanced protections. Several established security notions have been upended:
1. Conditional Access Policy (CAP) Evasion
Conditional Access Policies are meant to tightly regulate which geographic locations or device types are permitted to access cloud accounts. Attackers leveraging TeamFiltration were able to skirt these controls by:
- Rapidly changing AWS regions, making IP-based rules obsolete
- Exploiting gaps in organization-specific policies that fail to account for legitimate-looking cloud infrastructure
- Capitalizing on policy misconfigurations, such as insufficient restrictions on legacy protocols or incomplete logging
2. OAuth Token Abuse (Family Refresh Tokens)
The campaign’s most innovative abuse centers on the Microsoft OAuth family refresh token (FRT) mechanism. FRTs are intended to streamline cross-service authentication, but when stolen, they confer wide-reaching access. Since FRTs are valid for multiple applications, their misuse can evade even well-configured session management or single sign-on (SSO) restrictions.
3. Stealth through Automation
Because TeamFiltration’s actions mimic normal usage and operate at the API level, traditional SIEM solutions that flag brute force login attempts or mass downloads from user interfaces may miss these attacks entirely. The sophistication of attackers in “living off the cloud” grants them a lower profile than those relying on malware or exploit kits.
Real-World Consequences and Risks
The blast radius of a successful TeamFiltration attack is vast. If a single user is compromised, attackers may gain:
- Complete access to their email, calendars, Teams conversations, and OneDrive files
- Insights into internal projects, business partners, and supply chain relationships
- The ability to send phishing messages from trusted addresses to escalate privileges further or spread to new victims
The Supply Chain and Third-Party Risk
Modern businesses are deeply interconnected; even if only a single employee at a contractor, vendor, or subsidiary is compromised, attackers can use their cloud access to launch secondary attacks against partners upstream or downstream. The role of cloud-based identity systems like Entra ID in federating access means that a breach does not stop at organizational boundaries.
Defense-in-Depth: Lessons and Recommendations
Proofpoint’s research, corroborated by multiple security consultancies, emphasizes that only a multi-layered defensive approach can mitigate this new form of attack. Key recommendations for organizations include:
1. Enforce Strong Multi-Factor Authentication
While not invulnerable (“MFA-bypassing” techniques exist), enforcing robust, phishing-resistant MFA across all accounts—especially high-privilege users—vastly reduces the risk of successful account takeovers after credential compromise. This includes using hardware security keys or authenticator apps that are not susceptible to simple user deception.
2. Rigorous Monitoring and Anomaly Detection
Organizations must continuously monitor for:
- Unusual login patterns, such as legitimate user accounts authenticating from new AWS regions or other unexpected cloud providers
- Sudden spikes in failed login attempts, indicative of password spraying or enumeration
- Changes in OAuth grant relationships (new applications requesting broad or cross-service permissions)
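The first two indicators in this list, together with the enumeration-then-spray sequence described under “Technical Details”, reduce to two aggregations over Entra ID sign-in records. The Python below is an added example, not code from the article, from Proofpoint, or from the TeamFiltration project. It runs over constructed sign-in records whose field names mirror the Entra sign-in log schema (userPrincipalName, ipAddress, errorCode, countryOrRegion, createdDateTime; flattened here, since the real log nests the country under location) and flags (a) a window in which many distinct accounts each receive only one or two bad-password failures (error code 50126) from several source addresses, which is the shape of a distributed low-and-slow spray, and (b) a successful sign-in from a country the account has never succeeded from before. The thresholds are assumed values to be tuned per tenant.

```python
"""Sign-in anomaly checks for two of the indicators above: distributed password
spraying and first-seen sign-in countries. Added example; all records are constructed."""
from collections import defaultdict
from datetime import datetime, timezone

# Error code 50126 is Entra ID's "invalid username or password"; 0 is success.
BAD_PASSWORD = 50126
SUCCESS = 0


def _rec(time, user, ip, country, code):
    # Flattened sign-in record (real logs nest the country under "location").
    return {"createdDateTime": time, "userPrincipalName": user, "ipAddress": ip,
            "countryOrRegion": country, "errorCode": code}


# Constructed sample data (not real logs): a baseline day, then a one-hour spray
# from four rotating addresses with one attempt per account, one user mistyping
# a password four times, and two later successes, one from a new country.
SPRAY_IPS = ["198.51.100.21", "198.51.100.22", "198.51.100.23", "198.51.100.24"]
SAMPLE_SIGNINS = (
    [_rec("2025-01-14T08:00:00Z", "alice@example.com", "203.0.113.10", "US", SUCCESS),
     _rec("2025-01-14T08:05:00Z", "bob@example.com", "203.0.113.11", "US", SUCCESS)]
    + [_rec(f"2025-01-15T09:0{i}:00Z", f"user{i}@example.com", SPRAY_IPS[i % 4], "US", BAD_PASSWORD)
       for i in range(8)]
    + [_rec(f"2025-01-15T09:1{i}:00Z", "carol@example.com", "192.0.2.5", "US", BAD_PASSWORD)
       for i in range(4)]
    + [_rec("2025-01-15T09:30:00Z", "alice@example.com", "198.51.100.9", "IE", SUCCESS),
       _rec("2025-01-15T10:00:00Z", "bob@example.com", "203.0.113.11", "US", SUCCESS)]
)


def _ts(rec):
    return datetime.strptime(rec["createdDateTime"], "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def detect_password_spray(records, window_minutes=60, min_accounts=5,
                          max_attempts_per_account=2, min_source_ips=3):
    """Flag fixed time windows in which many distinct accounts each see only a few
    bad-password failures coming from several source addresses. Accounts with more
    attempts than max_attempts_per_account are treated as ordinary user error, not
    as part of the spray. All thresholds are assumed values."""
    window = window_minutes * 60
    buckets = defaultdict(lambda: {"attempts": defaultdict(int), "ips": set()})
    for rec in records:
        if rec["errorCode"] != BAD_PASSWORD:
            continue
        key = int(_ts(rec).timestamp()) // window
        buckets[key]["attempts"][rec["userPrincipalName"]] += 1
        buckets[key]["ips"].add(rec["ipAddress"])
    alerts = []
    for key in sorted(buckets):
        bucket = buckets[key]
        sprayed = sorted(u for u, n in bucket["attempts"].items() if n <= max_attempts_per_account)
        if len(sprayed) >= min_accounts and len(bucket["ips"]) >= min_source_ips:
            alerts.append({
                "window_start": datetime.fromtimestamp(key * window, tz=timezone.utc).isoformat(),
                "accounts": sprayed,
                "source_ips": sorted(bucket["ips"]),
            })
    return alerts


def detect_new_locations(records):
    """Flag a successful sign-in from a country the account has never succeeded
    from before. Records are walked in time order so earlier successes form the
    baseline; an account's first-ever success has no baseline and is not flagged."""
    seen = defaultdict(set)
    alerts = []
    for rec in sorted(records, key=_ts):
        if rec["errorCode"] != SUCCESS:
            continue
        user, country = rec["userPrincipalName"], rec["countryOrRegion"]
        if seen[user] and country not in seen[user]:
            alerts.append({"user": user, "new_country": country, "ip": rec["ipAddress"],
                           "known_countries": sorted(seen[user]), "at": rec["createdDateTime"]})
        seen[user].add(country)
    return alerts


if __name__ == "__main__":
    for alert in detect_password_spray(SAMPLE_SIGNINS):
        print("SPRAY", alert)
    for alert in detect_new_locations(SAMPLE_SIGNINS):
        print("NEW-LOCATION", alert)
```

On the sample data the spray check reports one window containing the eight sprayed accounts and excludes carol, whose four attempts look like a mistyped password; the location check reports alice’s sign-in from IE and nothing for bob. Two caveats matter in practice: a spray that lands one correct password shows up as a single success inside the flagged window, so the success records for that window should be reviewed alongside the alert, and a production pipeline would pull records from the Graph sign-in log, consider further failure codes beyond 50126, and key the location baseline on ASN or named location rather than country alone.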
3. Harden Conditional Access Policies
Conditional Access Rules must be reviewed regularly to:
- Disallow authentication from untrusted cloud service providers, unless explicitly required
- Restrict legacy authentication protocols and block them wherever possible
- Require reauthentication after sensitive actions (such as changing passwords or granting OAuth consents)
4. Minimize OAuth Token Scope and Lifetime
Limiting the issuance, validity period, and scope of OAuth tokens is critical. Specifically:
- Limit use of Family Refresh Tokens (FRTs) unless absolutely necessary for business function
- Ensure that compromised tokens can be invalidated or revoked rapidly following an incident
- Monitor third-party application access to user accounts, particularly those that request read/write permissions across multiple Microsoft 365 services
5. User Education and Proactive Testing
End-user vigilance is indispensable. Employees should receive regular, up-to-date training about:
- Recognizing phishing attempts, fake authentication prompts, and suspicious logins
- The importance of reporting anomalous login notifications—even if access is not blocked
Broader Implications for Cloud Identity Security
The TeamFiltration campaign serves as a watershed moment for cloud identity defense. As identity providers, Microsoft and Amazon must continually evolve detection and mitigation capabilities—such as machine learning-based anomaly detection, real-time token revocation, and granular auditing APIs. However, ultimate responsibility still rests with tenant organizations to accurately configure, monitor, and defend their environments.
Notable Strengths of the Attack/Defense Paradigm
- Innovation mirrors real-world attackers: The use of legitimate red team tools like TeamFiltration both by and against defenders highlights the blurred lines between ethical and adversarial hacking. This realism strengthens the arms race between attackers and defense teams.
- Distributed cloud infrastructure: The agility attackers gain from the cloud also exists in the defender’s toolkit—cloud-native SIEM and SOAR tools can offer real-time threat intelligence and rapid responses if properly deployed.
Significant Weaknesses and Risks
- Detection lag: Many organizations are reliant on signature-based or behavior-based controls tuned for legacy threats. Attackers using cloud-native and API-based techniques are often steps ahead.
- Policy and configuration drift: Fast-moving organizations, especially those migrating to hybrid or full-cloud environments, are prone to misconfigured access controls, legacy permissions, and over-broad OAuth grants mined by TeamFiltration-like campaigns.
Unverifiable Claims and Unknowns
Though Proofpoint and other security firms have validated the existence of the UNK_SneakyStrike campaign—with multiple independent sources confirming its cloud-based origins—there remain some unverifiable statistics around total affected organizations and the full depth of exfiltrated data. The distributed nature of attacks, silent failures, and victim reluctance to report breaches means the true scale could be greater. Security teams should operate under the assumption that undetected cloud identity breaches are already active within their environments.
The Path Forward: Building Resilient Cloud Identity Defenses
The events surrounding TeamFiltration’s abuse underline a stark reality: security tools can and will be repurposed for attack, and automation is increasingly the norm. As organizations double down on cloud adoption, identity represents both the strongest point of defense and the softest target for adversaries. Defending Microsoft Entra ID environments must become a living, evolving process—rooted in zero trust, rigorous automation, and organizational vigilance.
Critical next steps for IT leaders include:
- Prioritizing zero-trust architectures and continuous identity assessment
- Investing in advanced behavioral analytics that adapt as attackers do
- Routinely re-evaluating third-party and inter-organizational access
- Joining threat intelligence sharing platforms to detect and disrupt ATO campaigns proactively
As attackers continue to adapt, so too must defenders. The lessons of TeamFiltration point to an inescapable conclusion: in the era of cloud-first business, identity is the new perimeter, and defending it is every organization’s most urgent mandate.
Source: Petri IT Knowledgebase TeamFiltration Tool Abused in Entra ID Account Breach