Industrial-scale exploitation of enterprise identities drives shift to identity-based attacks
Summary
Security researchers report a significant escalation in adversary use of legitimate enterprise identities to conduct large-scale network intrusions, creating an "impersonation crisis" that bypasses traditional defenses focused on perimeter detection. Attackers leverage compromised or fraudulently obtained accounts—via social engineering, MFA bypass kits, brute-force campaigns, or fake employee personas using AI deepfakes—to achieve persistent, policy-level access within victim organizations. Intrusions often remain undetected until post-compromise damage occurs, such as data exfiltration or ransomware deployment, due to the adversary’s ability to operate under valid credentials and administrative privileges.
Timeline
- 25.03.2026 17:30 · 1 article
Adversaries weaponize enterprise identities at operational scale via identity compromise and fraudulent employment
Security researchers report a marked increase in identity-based intrusions where attackers use compromised or fabricated enterprise identities to bypass traditional detection and achieve administrative-level access. Observed tactics include MFA bypass and policy manipulation, brute-force authentication abuse, and deepfake-assisted recruitment to place malicious insiders within target organizations. Intrusions often evade detection until post-compromise activity such as data exfiltration or policy changes occurs.
- Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30
Information Snippets
- Threat actors have shifted toward identity-based attacks at "industrial scale" over the past year, according to SentinelOne’s Annual Threat Report for 2026.
  First reported: 25.03.2026 17:30 · 1 source, 1 article
  - Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30
- Attackers frequently bypass or disable MFA by compromising privileged accounts and modifying access policies within management portals, enabling sustained access and lateral movement.
  First reported: 25.03.2026 17:30 · 1 source, 1 article
  - Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30
- MFA bypass kits are widely available to adversaries, while some campaigns use brute-force tactics to overwhelm targets with authentication requests.
  First reported: 25.03.2026 17:30 · 1 source, 1 article
  - Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30
- Campaigns involving fake personas—including AI-enabled deepfakes during recruitment—are used to gain legitimate remote employment and conduct insider-style attacks.
  First reported: 25.03.2026 17:30 · 1 source, 1 article
  - Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30
- SentinelOne identified over 1,000 job applications and approximately 360 fake personas linked to North Korean state-backed operations targeting Western tech firms.
  First reported: 25.03.2026 17:30 · 1 source, 1 article
  - Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30
- Intrusions often remain undetected until adversaries perform anomalous actions such as bulk data exports or unauthorized permission changes under the compromised identity.
  First reported: 25.03.2026 17:30 · 1 source, 1 article
  - Hackers Exploit Compromised Enterprise Identities at Industrial Scale, Warns SentinelOne — www.infosecurity-magazine.com — 25.03.2026 17:30