We recently identified an ongoing account takeover campaign, dubbed UNK_SneakyStrike, leveraging the TeamFiltration framework to target Entra ID accounts. Active since December 2024, the campaign has impacted over 80,000 users across hundreds of organizations. Attackers use Microsoft Teams APIs and AWS infrastructure to perform user enumeration and password spraying....