Cybersecurity and Infrastructure Security Agency (CISA) issued an alert warning that cloud services at U.S. organizations are being actively and successfully targeted. Most of the attacks are opportunistic, taking advantage of poor cloud cyber-hygiene and misconfigurations. Phishing and possibly a pass-the-cookie attack have been the primary attack vectors for the cloud attacks, CISA said. CISA observed the actors logins originating from foreign locations (although the actors could have been using a proxy or Tor to obfuscate their location)
Source: https://threatpost.com/cloud-attacks-bypass-mfa-feds/163056/