Cybersecuritynews
AzCopy Utility Exploited in Ransomware Data Exfiltration Campaigns
First seen 4 Mar 2026, 14:10 UTC
•

•84% similarity
•89.3
Share:
Export
Ask AI about this cluster
Analyzing cluster data...
Referenced clusters:
Something went wrong. Please try again.
Cluster AI
Ask questions about this threat cluster with AI-powered analysis.
Get Researcher $29.99/moArticle Content
Browse articles
Ransomware operators have begun misusing Microsoft's AzCopy, a legitimate command-line utility, to facilitate data exfiltration in ongoing attacks. This shift marks a significant change in tactics, as attackers leverage trusted software typically used by IT teams to move data to and from Azure Storage. Organizations relying on AzCopy are now at risk of having sensitive data stolen using this tool.
ThreatCluster AI
Timeline
2026-03-04
Reports of AzCopy being misused in ransomware attacks emerge
Recent
Ransomware campaigns actively exploiting AzCopy identified