Microsoft Warns of Rise in Stolen Cloud Tokens Used to Bypass MFA

Analysts see an uptick in token theft from authenticated users, allowing threat actors to bypass MFA protections.

Threat actors are stealing authentication tokens already verified by multifactor authentication (MFA) to breach organizations systems.
A new alert from Microsoft Detection and Response Team (DART), said
token theft for MFA bypass
is particularly dangerous because it requires little technical expertise to pull off, its tough to detect, and most organizations havent considered token theft as part of their incident response plan. And as employees increasingly access systems through personal devices, security controls are weaker and malicious activity is hidden from the security teams view.
Full visibility into devices reduces token theft risk, but DART concedes thats difficult with so many unmanaged devices accessing the network. For unmanaged devices, they recommend conditional access policies and strong controls.
As far as mitigations go, publicly available open-source tools for exploiting token theft already exist, and commodity credential theft malware has already been adapted to include this technique in their arsenal, DART added in its blog post about the
MFA workaround
. Detecting token theft can be difficult without the proper safeguards and visibility into authentication endpoints.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Microsoft Warns of Rise in Stolen Cloud Tokens Used to Bypass MFA