Muddled Libra, a notorious threat actor group, has been actively targeting SaaS and CSP environments to steal sensitive data.

The group employs social engineering and advanced reconnaissance techniques to pinpoint and exploit administrative users, particularly through SSO portals.

Their attacks focus on key services such as AWS IAM, Amazon S3, AWS Secrets Manager, and various Azure storage solutions.

The tactical evolution of Muddled Libra signifies an increased need for organizations to enhance their identity portals with strong secondary authentication measures.

The adaptability of Muddled Libra exemplifies the growing complexity of security challenges that defenders face in today's digital landscape.