Security News > 2020 > September > Microsoft Kills 18 Azure Accounts Tied to Nation-State Attacks
An APT group has started heavily relying on cloud services like Azure Active Directory and OneDrive, as well as open-source tools, to obfuscate its attacks.
Microsoft has suspended 18 Azure Active Directory applications that were being leveraged for command-and-control infrastructure by what it says is a Chinese nation-state actor.
While Microsoft services like Azure Active Directory - its cloud-based identity and access management service - are popular among enterprises, cybercriminals are also swooping in on these services to enhance the weaponization of their malware payload, attempt to gain command and control all the way to the server, and obfuscate detection.
Behind the scenes, these attacks relied on a bundle of Microsoft services and open source tooling - which Microsoft said has been a steady trend in recent years for several nation-state activity groups migrating to open source tooling.
"The attacker uses an Azure Active Directory application to configure a victim endpoint with the permissions needed to exfiltrate data to the attacker's own Microsoft OneDrive storage," said researchers.
News URL
https://threatpost.com/microsoft-azure-chinese-hackers/159551/
Related news
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Phishing-as-a-Service "Rockstar 2FA" Targets Microsoft 365 Users with AiTM Attacks (source)
- Microsoft enforces defenses preventing NTLM relay attacks (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes under-attack privilege-escalation holes in Hyper-V (source)
- Ransomware gangs pose as IT support in Microsoft Teams phishing attacks (source)