The Reveal Platform
Intel Name: Attackers unleash teamfiltration: account takeover campaign (unk_sneakystrike) leverages popular pentesting tool
Date of Scan: June 12, 2025
Impact: High
Summary: We recently identified an ongoing account takeover campaign, dubbed UNK_SneakyStrike, leveraging the TeamFiltration framework to target Entra ID accounts. Active since December 2024, the campaign has impacted over 80,000 users across hundreds of organizations. Attackers use Microsoft Teams APIs and AWS infrastructure to perform user enumeration and password spraying. Attackers exploited access to specific resources of native apps like Teams, OneDrive, Outlook, and more.
