AzCopy Utility Exploited in Ransomware Data Exfiltration Campaigns

AzCopy Utility Exploited in Ransomware Data Exfiltration Campaigns

First seen 4 Mar 2026, 14:10 UTC GbhackersCybersecuritynewsCyberpress 84% similarity 89.3

Article Content

Browse articles
ThreatCluster

Ransomware operators have begun misusing Microsoft's AzCopy, a legitimate command-line utility, to facilitate data exfiltration in ongoing attacks. This shift marks a significant change in tactics, as attackers leverage trusted software typically used by IT teams to move data to and from Azure Storage. Organizations relying on AzCopy are now at risk of having sensitive data stolen using this tool.

ThreatCluster AI

Timeline

2026-03-04
Reports of AzCopy being misused in ransomware attacks emerge
Recent
Ransomware campaigns actively exploiting AzCopy identified

Community

Browse all →