Microsoft 365 Defender researchers dismantled the cloud computing infrastructure that was used to orchestrate a large-scale business email compromise (BEC) campaign. In a joint blog post, Stefan Sellmer of the Microsoft 365 Defender Research Team and Nick Carr of the Microsoft Threat Intelligence Center (MSTIC) share details about the rogue cloud infrastructure, which was spread across multiple web services. The researchers said the campaign compromised mailboxes using phishing and forwarding rules in an attempt to obtain emails about financial transactions. “This survey also shows how cross-domain threat data, enriched with insights from expert analysts, provides protection against real-world threats, both in terms of attack detection through products like Microsoft Defender for Office 365, as well as in the removal of infrastructure,” the researchers write. This campaign follows another equally comprehensive but poorly executed BEC campaign, which used over a hundred typosquatted domains.