Blog
/
Identity
/
May 19, 2023

Darktrace Stops Large-Scale Account Hijack

Learn how Darktrace detected and stopped a large-scale account hijack that led to a phishing attack. Protect your business with these insights.
Written by
Zoe Tilsiter
Cyber Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Zoe Tilsiter
Cyber Analyst
Default blog image
19
May 2023

Introduction 

As malicious actors across the threat landscape continue to take advantage of the widespread adoption of Software-as-a-Service (SaaS) platforms and multi-factor authentication (MFA) services to gain unauthorized access to organizations’ networks, it is crucial to have appropriate security tools in place to defend against account compromise at the earliest stage.

One method frequently employed by attackers is account takeover. Account takeovers occur when a threat actor exploits credentials to login to a SaaS account, often from an unusual location where the genuine actor does not usually login from. 

Access to these accounts can be caused by harvesting credentials through phishing emails and password spray attacks, or by exploiting insecure cloud safety practices such as not having MFA enabled on user accounts, requiring only user credentials for authentication. Once the integrity of the account is compromised, the threat actor can conduct further activity, such as delivering malware, reading and exfiltrating sensitive data, and sending out phishing emails to harvest further internal and external user credentials, repeating the attack cycle [1,2]. 

In early 2023, Darktrace detected a large-scale account takeover and phishing attack on the network of a customer in the education sector that affected hundreds of accounts and resulted in thousands of emails being forwarded outside of the network. The exceptional degree of visibility provided by Darktrace DETECT™ allowed for the detection of adversarial activity at every stage of the kill chain, and direct support from the Darktrace Analyst team via the Ask the Expert (ATE) service ensured the customer was fully informed and equipped to implement remedial action. 

Details of Attack Chain

Darktrace observed the same pattern of activity on all hijacked accounts on the customer’s network; login from unfamiliar locations, enablement of a mail forwarding rule that forwards all incoming emails to malicious email addresses, and the sending of phishing emails followed by their deletion. 

Figure 1: Timeline of attack on hijacked SaaS accounts.

Initial Access

Darktrace DETECT first detected anomalous SaaS activity on the customer environment on January 14, 2023, and then again on February 3, when multiple SaaS accounts were observed logging in from atypical locations with rare IP addresses and geographically impossible travel timings, or logging in whilst the account owner was active elsewhere. Subsequent investigation using open-source intelligence (OSINT) sources revealed one of the IP addressed had recently been associated with brute-force or password spray attempt.

This pattern of unusual login behavior persisted throughout the timeframe of the attack, with more unique accounts generating model breaches each day for similarly anomalous logins. As MFA authentication was not enforced for these user logins, the initial intrusion process was enabled by requiring only credentials for authentication.

Sending Emails 

The compromised accounts were also seen sending out emails with the subject ‘Email HELP DESK’ to external and internal recipients. This was likely represented a threat actor employing social engineering tactics to gain the trust of the recipient by posing as an internal help desk.

Mail Forwarding

Following the successful logins, compromised accounts began creating email rules to forward mail to external email addresses, some of which were associated with domains that had hits for malicious activity according to OSINT sources [3].

  • chotunai[.]com
  • bymercy[.]com
  • breazeim[.]com
  • brandoza[.]com

Forwarding mail is a commonly observed tactic during SaaS compromises to control lines of communication. Malicious actors often attempt to insert themselves into ongoing correspondence for illicit purposes, such as exfiltrating sensitive information, gaining persistent access to the compromised email or redirecting invoice payments. 

Email Deletions

Shortly after the mail forwarding activity, compromised accounts were detected performing anomalous email deletions en masse. Further investigation revealed that these accounts had previously sent a large volume of phishing emails and this mass deletion likely represented an attempt to conceal these activities by deleting them from their outboxes.

On February 10, the customer applied a mass password reset on all accounts that Darktrace had identified as compromised and provisioned, privileged accounts with MFA. They have indicated that those measures successfully halted the compromise, addressing the initial point of entry.  

Darktrace Coverage

Using its Self-Learning AI, Darktrace effectively demonstrated its ability to detect unusual SaaS activity that could indicate that an account has been hijacked by malicious actors. Rather than relying on a traditional rules and signature-based approach, Darktrace models develop an understanding of the network itself and can instantly recognize when a compromised deviates from its expected pattern of life.

Figure 2: Detection of unusual SaaS activity on hijacked SaaS account.

Initial Access

Initial access was detected by the following models:

  • Security Integration / High Severity Integration Detection  
  • SaaS / Unusual Activity / Activity from Multiple Unusual IPs 
  • SaaS / Access / Unusual External Source for SaaS Credential Use 
  • SaaS / Compromise / Login From Rare Endpoint While User Is Active 

Initial access was also detected by the following Cyber AI Analyst Incidents:

  • Possible Hijack of Office365 Account 

The model breaches and AI Analyst incidents detected logins from 100% rare external IP addresses in conjunction with a lack of MFA usage, as depicted in Figure 3.

Figure 3: Breach log showing initial detection of a SaaS login from a 100% rare IP where MFA was not used.
Figure 4: Initial detection of unusual SaaS activity visualized in Darktrace's SaaS console.

Mail Forwarding

Mail forwarding was detected by the following models:

  • SaaS / Admin / Mail Forwarding Enabled 

Compromised accounts were largely detected configuring mail forwarding rules to external email addresses, ostensibly to establish persistence on the network and exfiltrate sensitive correspondence.

Figure 5: The enablement of mail forwarding was detected as 100% new or uncommon for the account in question.

Mass Email Deletion

Mass email deletion was detected by the following models:

  • SaaS / Compromise / Suspicious Login and Mass Email Deletes 
  • SaaS / Resource / Mass Email Deletes from Rare Location 
Figure 6: Compromised account deleting phishing emails it had previously sent from the outbox.

Darktrace detected accounts performing highly anomalous mass email deletions from rare locations. The actors deleted the email “Email HELP DESK” which was later confirmed as being the primary phishing email used in the attack. Deletions were observed on compromised accounts’ outboxes, presumably to conceal the malicious activity.

Darktrace also detected this linked pattern of activity in sequential models such as: 

  • SaaS / Compromise / Unusual Login, Sent Mail, Deleted Sent
  • SaaS / Compromise / Suspicious Login and Mass Email Deletes 

Ask the Expert

The customer used the ATE service to request more technical information and support concerning the attack. Darktrace’s 24/7 team of analysts were able to offer expert assistance and further details to assist in the subsequent investigations and remediation steps. 

Further Detection and Response  

Unfortunately, the customer did not have Darktrace/Email™ enabled at the time of the attack. Darktrace/Email has visibility over inbound and outbound mail-flow which provides an oversight on potential data loss incidents. In this case, Darktrace DETECT/Email would have been able to provide full visibility over the phishing emails sent by the compromised accounts, as well as the attackers attempts to spoof an internal helpdesk. Further to this, the new Analysis Outlook integration helps employees understand why an email is suspicious and enables them report emails directly to the security team, which helps to continuously build user awareness of phishing attacks. 

Darktrace/Email also enhances Darktrace/Network™ detections by triggering ‘Email Nexus’ models within Darktrace/Network, where malicious activity is detected across the digital estate, correlating moving from SaaS compromised logins to mass email spam being sent out by compromised users

Figure 7: Email Nexus models within the Darktrace/Network enhanced by Darktrace/Email

Darktrace RESPOND™ was not enabled on the customer environment at the time of the attack; if it were, Darktrace would have been able to autonomously take action against the SaaS model breaches detecting across multiple of the kill chain. RESPOND would have disabled the hijacked accounts or force them to log out for a period of time, whilst also disabling the inbox rules that had been established by malicious actors. This would have given the customer’s security team valuable time to analyze the incident and mitigate the situation, preventing the attack from escalating any further. 

Conclusion

Ultimately, Darktrace demonstrated its unparalleled visibility over customer networks which allowed for the detection of this large-scale targeted SaaS account takeover, and the subsequent phishing attack. It underscores the importance of defense in depth; critically, MFA was not enforced for this environment which likely made the targeted organization far more susceptible to compromise via credential theft. The phishing activity detected by Darktrace following this account compromise also highlights the need for email protection in any security stack. 

Darktrace’s visibility meant allowed it to detect the attack at a high degree of granularity, including the account logins, email forwarding rule creations, outbound mail, and the mass deletions of phishing emails. Darktrace’s anomaly-based detection means it does not have to rely on signatures, rules or known indicators of compromise (IoCs) when identifying an emerging threat, instead placing the emphasis on recognizing a user’s deviation from its normal behavior.

However, without the presence of an autonomous response technology able to instantly intervene and stop ongoing attacks, organizations will always be reacting to attacks once the damage is done. Darktrace RESPOND is uniquely placed to take action against suspicious activity as soon as it is detected, preventing attacks from escalating and saving customers from significant disruption to their business.

Credit to: Zoe Tilsiter, Cyber Analyst, Gernice Lee, Cyber Analyst.

Appendices

Models Breached

SaaS / Access / Unusual External Source for SaaS Credential Use

SaaS / Admin / Mail Forwarding Enabled

SaaS / Compliance / Microsoft Cloud App Security Alert Detected

SaaS / Compromise / SaaS Anomaly Following Anomalous Login 

SaaS / Compromise / Unusual Login, Sent Mail, Deleted Sent

SaaS / Compromise / Suspicious Login and Mass Email Deletes 

SaaS / Resource / Mass Email Deletes from Rare Location

SaaS / Unusual Activity / Multiple Unusual External Sources For SaaS Credential

SaaS / Unusual Activity / Activity from Multiple Unusual IPs

SaaS / Unusual Activity / Multiple Unusual SaaS Activities 

Security Integration / Low Severity Integration Detection

Security Integration / High Severity Integration Detection

List of IoCs

brandoza[.]com - domain - probable domain of forwarded email address

breazeim[.]com - domain - probable domain of forwarded email address

bymercy[.]com - domain - probable domain of forwarded email address

chotunai[.]com - domain - probable domain of forwarded email address

MITRE ATT&CK Mapping

Tactic: INITIAL ACCESS, PERSISTENCE, PRIVILEGE ESCILATION, DEFENSE EVASION

Technique: T1078.004 – Cloud Accounts

Tactic: COLLECTION

Technique: T1114- Email Collection

Tactic:COLLECTION

Technique: T1114.003- Email Forwarding Rule

Tactic: IMPACT

Technique: T1485- Data Destruction

Tactic: DEFENSE EVASION

Technique: T1578.003 – Delete Cloud Instance

References

[1] Darktrace, 2022, Cloud Application Security_ Protect your SaaS with Self-Learning AI.pdf

[2] https://www.cloudflare.com/en-gb/learning/access-management/account-takeover/ 

[3] https://www.virustotal.com/gui/domain/chotunai.com 

Written by
Zoe Tilsiter
Cyber Analyst
Inside the SOC
Darktrace cyber analysts are world-class experts in threat intelligence, threat hunting and incident response, and provide 24/7 SOC support to thousands of Darktrace customers around the globe. Inside the SOC is exclusively authored by these experts, providing analysis of cyber incidents and threat trends, based on real-world experience in the field.
Written by
Zoe Tilsiter
Cyber Analyst

Hola VPN Abuse: From Proxy Traffic to Malware and Cryptomining

Network
June 15, 2026
Min Kim
Cyber Security Analyst
Watch the NIS2 Webinar
Trending blogs
1
Prompt Security in Enterprise AI: Strengths, Weaknesses, and Common Approaches
May 20, 2026
2
What the Darktrace Annual Threat Report 2026 Means for Security Leaders
Feb 26, 2026
3
Journey of a Threat: How Multi-Layered AI Works in Darktrace / EMAIL
May 26, 2026
4
How to Evaluate AI Vendors: 5 Key categories for AI Adoption
May 27, 2026
5
Darktrace Unites Human Behavior and Threat Detection Across Email, Slack, Teams, and Zoom
Mar 24, 2026

More in this series

No items found.
Continue reading
Identity
August 21, 2025

From VPS to Phishing: How Darktrace Uncovered SaaS Hijacks through Virtual Infrastructure Abuse

Darktrace identified coordinated SaaS account compromises across multiple customer environments. The incidents involved suspicious logins from VPS-linked infrastructure followed by unauthorized inbox rule creation and deletion of phishing-related emails. These consistent behaviors across devices point to a targeted phishing campaign leveraging virtual infrastructure for access and concealment. Discover how Darktrace uncovered this activity and what it means for the future of SaaS security.
Rajendra Rushanth
Cyber Analyst
Read more
Identity
July 8, 2025

Defending the Cloud: Stopping Cyber Threats in Azure and AWS with Darktrace

This blog examines three real-world cloud-based attacks in Azure and AWS environments, including credential compromise, data exfiltration, and ransomware detonation. Learn how Darktrace’s AI-driven threat detection and Autonomous Response capabilities help organizations defend against evolving threats in complex cloud environments.
Alexandra Sentenac
Cyber Analyst
Read more
Identity
July 3, 2025

Top Eight Threats to SaaS Security and How to Combat Them

SaaS security requires new methods to keep up with evolving threats and business infrastructure. In this blog, learn the top eight threats to identity security and how AI-based solutions can help.
Carlos Gray
Senior Product Marketing Manager, Email
Read more

Blog

/

AI

/

June 24, 2026

A New Security Challenge: The Curious Case of Prompt Language Analysis

Default blog imageDefault blog image

Why prompt analysis is emerging as a key AI security challenge

If securing AI has been one of the defining cybersecurity conversations of the past year, prompt analysis is quickly becoming one of its most interesting frontiers.

Security leaders are under pressure to understand how AI is being used across the business. In some organizations, that means governing employee use of chatbots. In others, it means overseeing copilots embedded into SaaS platforms, monitoring coding assistants, or assessing the growing footprint of autonomous agents. However different these use cases may appear on the surface, they share a common factor: humans and machines are usually interacting with enterprise systems through language.  

How prompt language differs from traditional security telemetry

For years, defenders have become used to working with familiar forms of telemetry: email traffic, network connections, API calls, endpoint processes, authentication events. Prompt language is different. It is not simply another log source. It is an expression of intent, instruction, curiosity, urgency, and sometimes manipulation. It reflects the end-goal of a user or agent, but not always with enough surrounding context to interpret the risk correctly.

Why existing security approaches only partially explain prompt risk

A growing number of vendors are approaching the task of securing AI from the angle they know best. Perimeter vendors are extending web or browser controls into AI usage. Identity vendors are emphasizing agent permissions and access governance. Data security and DLP providers are focusing on content inspection and exfiltration risk. All of these perspectives matter, but individually can’t fully explain the problem.

The challenge with securing AI is not just that a new application category has emerged. It is that language has become a new operating layer in the enterprise.

Employees now use prompts to summarize documents, generate code, analyze spreadsheets, query internal knowledge, and trigger multi-step actions through agents. In each case, prompt language acts as the interface between human intent and machine execution. That makes prompts incredibly valuable from a security perspective as they can hint at misuse, policy violations, data exposure, or attempts to circumvent controls. However, they can also be deeply ambiguous when viewed in isolation. That ambiguity is the heart of the issue.

Prompts as behavioral signals, not just text to classify

A prompt by itself tells you what was asked. It does not necessarily tell you whether the request is expected, risky, accidental, or entirely legitimate in context. Two nearly identical prompts can carry very different meanings depending on the role and function of who issued them, what systems they can access, and what actions followed. In other words, prompts are not just text to classify. They are behavioral signals to interpret.

Example: How context changes prompt risk entirely

Consider a common enterprise scenario. An employee is pulled into a new project with an aggressive deadline. Almost overnight, their use of AI tools spikes. They begin prompting more frequently, working across unfamiliar documents, querying new data sources, and interacting with more systems than usual to accelerate delivery. Viewed narrowly, this may look suspicious. Prompt volume increases, file access patterns change, API and SaaS activity rise. From some vantage points, it may resemble insider risk or unmanaged AI usage.

But now add context. Imagine that, earlier that day, the employee received instructions from a senior leader asking them to support a time-sensitive initiative. Their communication history shows that this leader is a legitimate reporting-line superior. Their recent collaboration patterns align with the new project team. Their subsequent activity, while unusual for that individual’s baseline, is consistent with the business task they were assigned.

What initially looked like a risk event may actually be a normal response to business pressure. Without the surrounding context of communication, organizational relationships, and broader behavioral patterns, prompt activity alone could generate more noise than insight.

The reverse is also true. A prompt may appear benign on the surface while the context around it suggests elevated risk. A request that seems routine could originate from a compromised user, a newly connected external agent, a shadow AI workflow, or a user acting outside their normal role. The language itself may not contain anything obviously malicious, but the surrounding conditions may tell a very different story.

What security teams need to analyze prompts effectively

The future of prompt analysis is not just about understanding language. It is about understanding language in context.

To do that well, security teams need more than prompt inspection. They need to understand:

  • Who is issuing the prompt, whether human or agent
  • How that identity normally behaves across the enterprise
  • What systems, data, and workflows are connected to the interaction
  • Which relationships and communications explain the surrounding activity
  • Whether the downstream actions align with expected business behavior

When those layers are absent, prompt analysis can become another isolated control surface: useful in theory, but limited in practice. Security teams may detect unusual wording but miss the operational function behind it, overreact to benign changes in behavior, or miss subtle misuse because the prompt itself did not appear dangerous.

How organizations should think about prompt analysis going forward

Security teams have seen this pattern before. In the cloud, posture without runtime context left important gaps. In identity, access control without behavioral understanding missed misuse that looked legitimate on paper. In data security, content inspection without business context often created friction without resolving risk. AI is exposing the same lesson again: controls are strongest when they are coordinated, not isolated. As organizations work to secure AI and identify gaps across their security operations, prompt analysis will become an increasingly important source of insight, but only as part of a broader strategy.

Prompt analysis will undoubtedly become more common, as prompts are one of the clearest windows into how people and agents are using AI systems. However, what matters most is not simply collecting prompts or filtering dangerous phrases, but being able to place that language inside a wider behavioral and operational picture.

Organizations that already have a broader understanding of how work gets done across the enterprise will be better positioned to make sense of prompt language as this category matures. They will be better able to distinguish urgency from abuse, experimentation from exfiltration, and productive AI adoption from hidden risk.

Figure 1: Darktrace / SECURE AI reconstructs the full sequence of events, showing every user and agent interaction in context, with risky prompts highlighted and categorized, including PII, sensitive data, and other policy violations.

At Darktrace, this is the key lesson emerging from the market: prompt language does matter, but it does not stand alone. It is most valuable when treated as a new behavioral input that can enrich understanding across the enterprise, not as a self-contained source of truth.

Why prompts become less useful when analyzed in isolation

The curious case of prompt language analysis, then, is this: the more important prompts become, the less useful they are in a vacuum.

The real opportunity is not just to see what was asked. It is to understand why it was asked, what it meant in that moment, and what happened next.

For a deeper look at how organizations are approaching this challenge from the strengths of prompt analysis to its limitations in isolation see Prompt Security in Enterprise AI: Strengths, Weaknesses, and Common Approaches, which expands on the role prompt-level controls play within a broader, context-driven security strategy.

Continue reading
About the author
Nabil Zoldjalali
VP, Field CISO

Blog

/

AI

/

June 23, 2026

Advancing the Use of Frontier AI in Cybersecurity: Darktrace Joins the OpenAI Daybreak Cyber Partner Program to Explore Defensive AI Integrations

Default blog imageDefault blog image

Darktrace joins the OpenAI Daybreak Cyber Partner Program

Today, we announced that Darktrace is joining the OpenAI Daybreak Cyber Partner Program. We’ll be partnering with OpenAI to explore how their cyber capabilities can be integrated within Darktrace products and services to bring new capabilities to our customers.

This partnership is an exciting opportunity to bring together Darktrace’s behavioral AI modelling of the organization with OpenAI’s advanced contextual capabilities to create a new level of understanding for security teams. To understand the impact, it’s helpful to start with how we think about the problem.  

At Darktrace, we built our AI in support of the core belief that cybersecurity needs to understand the business it is defending. That's why our Self-Learning AI is designed to help organizations understand normal and abnormal behavior for each organization across their digital environment, including users and identities, networks and cloud, email and collaboration tools, and now AI systems and agents with the rollout of Darktrace / SECURE AI™.  

Our goal was never simply to spot known attacks faster. It was to help defenders understand how their organization behaves, potential risks and impact, and where disruption could take hold so they could prepare for the unknown threats that they may not have seen or even imagined before.  

That’s exactly what is happening across the threat landscape today. Attacks keep changing; techniques shift, infrastructure evolves, and attackers move with more speed, precision, and context. And now they have even more AI and automation on their side. Attackers are exploiting identities, trusted services, SaaS applications, and business workflows. They are not always breaking in; often, the threat may come from within the organization in the form of insider threat or even rogue agents.  

In this reality, defenders need a combination of deep AI modelling of the organization and AI that can connect identified threats to concrete business context, translating this information into real world value, and allow action before risk becomes disruption.

That is the opportunity we see in partnering with OpenAI.  

What is the OpenAI Daybreak Cyber Partner Program and why is Darktrace joining

The OpenAI Daybreak Cyber Partner Program is focused on advancing the safe use of AI for cybersecurity. As part of the program’s next phase, OpenAI is working with a select group of trusted partners including Darktrace on scoped product integrations, managed services, and partner-delivered defensive capabilities. We’ll be exploring how OpenAI’s advanced frontier AI capabilities can support defenders in the tools and workflows they already use each day.

For Darktrace, this is a natural extension of our expertise and the work we have been doing for a decade: safely and securely applying the most effective AI techniques in combination to understand organizations, detecting malicious activity at the earliest indicators, and helping cyber defenders act faster.  

By using the advanced models and more precise safeguards available in the OpenAI Daybreak Cyber Partner Program, Darktrace and OpenAI will combine Darktrace’s real-time behavioral understanding of an organization's digital estate with OpenAI's ability to interpret wider business context.  

This is a unique and powerful combination of insights that could give organizations deeper context on technical risk and help them prioritize workloads and investigations based on potential impact to revenue, operations, and resilience. It can also provide security teams and executives with intelligence into which events matter most to the business, why they matter, and what action to take. Not just finding, for instance, that an agent is compromised, but highlighting that the compromised agent could shut down order fulfilment within the next three hours.  

Why the Darktrace and OpenAI partnership matters for defenders

Security teams today have more attack surface, more complex environments to protect, and an increasing volume of threats. The ability to act quickly is critical, but they also need to be able to focus on the risks that could have the greatest business impact.

That is especially important as attackers use AI to scale phishing, automate reconnaissance, find weaknesses, and blend into normal business activity. At the same time, organizations and their employees are using AI to innovate, which introduces an even broader attack surface and new set of risks. Defenders need AI that can operate across the same complexity, but safely, transparently, and in service of building more resilience. And they need a way to safely adopt, govern, and defend AI across their organizations.

Joining the OpenAI Daybreak Cyber Partner Program is another step in that direction. We are still early in this work, and we will take a careful, disciplined approach. But the direction is clear: protecting organizations requires AI that understands the business, not just the attack.

At Darktrace, that is exactly where we remain focused and why we are so excited about this partnership with OpenAI.  

[related-resource]

Continue reading
About the author
Your data. Our AI.
Elevate your network security with Darktrace AI