Threat actors are abusing virtual private servers (VPS) to compromise Software-as-a-Service (SaaS) accounts, according to an investigation by Darktrace. The cybersecurity vendor identified coordinated SaaS account compromises across multiple customer environments, all of which involved logins from IP addresses linked to various VPS providers. The compromised accounts were used to conduct follow-on phishing attacks, with threat actors taking steps to avoid detection and enable persistent access
