Entra ID hacked

Dear Community,

I am seeking urgent guidance regarding a serious security incident involving my Entra ID tenant.

My tenant was compromised, and the attacker removed my Owner permissions from the Tenant Root Group and created two high-spec virtual machines without authorization. This resulted in approximately USD 9,500 in unexpected usage charges.

I immediately blocked my credit card, and the subscription has now moved into a disabled state, most likely due to non-payment. However, I am still unable to regain administrative control. I previously managed to open a support ticket using another account, but it was limited to subscription-related issues only. Even when the case was marked with Severity A, Microsoft support was unable to treat it as an urgent incident or take immediate corrective action.

At this point:
• I only have read-only access
• I cannot create a technical support request
• I cannot upgrade the support plan
• I cannot restore Owner permissions
• I am unable to properly escalate the compromise

If anyone has experienced a similar situation or knows the fastest way to:
• Regain Tenant Root Group ownership
• Reach Microsoft security team for compromised tenant cases
• Escalate beyond standard support channels

I would truly appreciate your advice. This has been extremely stressful, and I am trying to regain control and prevent any further damage.

Thank you in advance for your support.