AzCopy Utility Exploited in Ransomware Data Exfiltration Campaigns

Severity: Critical (Score: 89.3)

Sources: Cybersecuritynews, Cyberpress, Gbhackers

Summary

Ransomware operators have begun misusing Microsoft's AzCopy, a legitimate command-line utility, to facilitate data exfiltration in ongoing attacks. This shift marks a significant change in tactics, as attackers leverage trusted software typically used by IT teams to move data to and from Azure Storage. Organizations relying on AzCopy are now at risk of having sensitive data stolen using this tool.

Key Entities

  • Ransomware (attack_type)
  • T1041 - Exfiltration Over C2 Channel (mitre_attack)
  • T1567 - Exfiltration Over Web Service (mitre_attack)
  • Azure (company)
  • AzCopy (tool)