Darktrace identified coordinated SaaS account compromises across multiple customer environments. The incidents involved suspicious logins from VPS-linked infrastructure followed by unauthorized inbox rule creation and deletion of phishing-related emails. These consistent behaviors across devices point to a targeted phishing campaign leveraging virtual infrastructure for access and concealment. Discover how Darktrace uncovered this activity and what it means for the future of SaaS security.

This blog examines three real-world cloud-based attacks in Azure and AWS environments, including credential compromise, data exfiltration, and ransomware detonation. Learn how Darktrace’s AI-driven threat detection and Autonomous Response capabilities help organizations defend against evolving threats in complex cloud environments.

SaaS security requires new methods to keep up with evolving threats and business infrastructure. In this blog, learn the top eight threats to identity security and how AI-based solutions can help.

FlowerStorm is a phishing-as-a-service platform that leverages Adversary-in-the-Middle attacks to steal Microsoft 365 credentials and bypass MFA. Darktrace detected a SaaS compromise linked to FlowerStorm, identifying suspicious logins, password resets, and privilege escalation attempts, enabling early containment through AI-driven threat detection and response.

Tycoon 2FA uses AiTM phishing and legitimate services to bypass MFA. Darktrace AI stopped it, read the blog to learn how Self-Learning AI detects sophisticated threats.

Insider threats pose significant risks due to access to internal systems. Darktrace detected a former employee attempting to steal data from the customer’s Google Workspace platform. Learn about this threat here.

A recent phishing attack compromised an internal email account, but Darktrace’s advanced AI quickly intervened. By identifying unusual activity across email and SaaS environments, Darktrace uncovered the attacker’s use of VPNs to mask their location and shut down the threat.

Read about thread hijacking and how attackers exploit trusted conversations, compromising network security and user data. Stay informed.

VIP Impersonation occurs when a cyber-threat actor impersonates a prominent employee to obtain sensitive data. Learn all about VIP impersonation here.

Discover how Darktrace thwarted DarkGate malware in Microsoft Teams. Stay informed on the latest cybersecurity measures and protect your business.

Learn how Darktrace detected an account hijack within days of deployment. Discover the strategies used to protect against cyber threats.

Darktrace investigates several attacks through PerfectData Software on Microsoft 365 accounts and shows how we were able to prevent full account takeovers.

Learn how Darktrace detected and stopped a large-scale account hijack that led to a phishing attack. Protect your business with these insights.

Multi-Factor Authentication (MFA) is a widely used security measure, but it's not bulletproof. See how threat actors can exploit MFA to access your information.

Learn how to detect, respond, and escalate to prevent further compromise for account hijacks. Get Darktrace's expert insights on cybersecurity strategies.

Learn why MFA and security awareness fall short and how Self-Learning AI can enhance your cyber defense strategy.

Learn how internal phishing can compromise accounts swiftly & how Darktrace/Apps can prevent future attacks effectively.

Find out how AI empowers Priefert Manufacturing to stay productive and secure, with insights from Darktrace.

Discover the analysis of a sophisticated SaaS-based attack using Microsoft 365 accounts. Learn how attackers launch & maintain their offensive strategies.