New cyberattack report reveals how hackers quietly moved across cloud systems without using malware.
Redmond, Washington, 19 May 2026 – Microsoft has revealed details of a sophisticated cyberattack campaign that shows how dangerous stolen digital identities have become in today’s cloud-driven world. In a newly published security report, the company explained how a threat group known as Storm 2949 managed to turn a single compromised identity into a large-scale cloud breach affecting multiple systems and accounts.
According to Microsoft’s security researchers, the attackers did not rely on traditional malware or ransomware to carry out the operation. Instead, they focused on stealing login credentials and abusing legitimate cloud services to quietly move across systems, gain access to sensitive information, and extract large amounts of data.
The report highlights how cybercriminals are increasingly shifting toward identity-based attacks rather than direct system hacking. Once attackers gain access to a user’s credentials, they can often move through cloud platforms without triggering traditional security alarms. This allows them to operate silently while accessing emails, shared files, cloud storage, and internal systems.
Microsoft researchers said Storm 2949 used compromised identities to access multiple cloud resources and download large volumes of files through legitimate interfaces such as OneDrive. In some cases, thousands of files were reportedly extracted in a single action.
Cybersecurity experts say this type of attack reflects a growing challenge for businesses worldwide. As organizations increasingly depend on cloud computing, remote work systems, and digital collaboration platforms, user identities have become one of the most valuable targets for cybercriminals.
Traditional cybersecurity tools were mainly designed to detect malicious software, suspicious downloads, or network intrusions. However, identity-based attacks are often harder to identify because attackers may appear to behave like legitimate users after obtaining stolen credentials.
The rise of artificial intelligence and automation is also changing the cybersecurity landscape. Security researchers warn that AI-powered tools can help attackers automate phishing campaigns, mimic human behavior, and identify weak access points more efficiently. At the same time, companies are also using AI-driven security systems to detect unusual login activity and suspicious behavior patterns faster than before.
Microsoft’s report comes amid growing concerns over cloud security and credential theft worldwide. Recent cybersecurity investigations have shown a sharp increase in phishing attacks, token theft, and identity compromise campaigns targeting businesses, healthcare organizations, financial institutions, and technology companies.
Experts believe identity protection will become one of the most important areas of cybersecurity investment over the next few years. Companies are increasingly adopting multi-factor authentication, zero-trust security frameworks, continuous monitoring systems, and stricter cloud access controls to reduce risks associated with stolen credentials.
The report also highlights how modern cyberattacks are becoming more strategic and less visible. Instead of deploying disruptive malware immediately, attackers are now focusing on remaining undetected for longer periods while collecting sensitive information and expanding access across cloud environments.
Industry analysts say cloud security is entering a new phase where protecting identities may become even more important than protecting devices themselves. As businesses continue adopting AI-powered systems, cloud infrastructure, and digital workflows, cybersecurity strategies will need to evolve rapidly to address increasingly advanced identity-driven threats.
Microsoft’s latest findings serve as another reminder that in today’s digital economy, a single compromised login can potentially open the door to an organization’s entire cloud environment.