Product
medium
threat
Unusual Azure Storage Account Key Access by Privileged User
2 rules 2 TTPsDetects unusual access to Azure Storage Account keys by users with Owner, Contributor, Storage Account Contributor, or User Access Administrator roles, potentially indicating compromised identities as seen in STORM-0501 ransomware campaigns.
Microsoft Azure +1
Storm-0501
azure
storage account
credential access
ransomware
2r
2t
high
advisory
Multiple Azure Storage Account Deletions by User
2 rules 2 TTPsA single user or service principal deleting multiple Azure Storage Accounts within a short time period may indicate malicious activity such as data destruction, service disruption, or a ransomware attack.
Azure +1
cloud
storage
impact
2r
2t