Security News > 2023 > October > Microsoft: Hackers target Azure cloud VMs via breached SQL servers

Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.
The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.
This enables the threat actors to gain access to the SQL Server instance hosted on an Azure Virtual Machine, with elevated permissions to execute SQL commands and extract valuable data.
Next, the attackers attempted to exploit the cloud identity of the SQL Server instance to access the Instance Metadata Service (IMDS) and obtain the cloud identity access key.
Microsoft suggests using Defender for Cloud and Defender for Endpoint to catch SQL injections and suspicious SQLCMD activity, both employed in the observed attack.
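For defenders without those products, the same chain can be hunted in ordinary process-creation telemetry. The sketch below is an added example, not code from Microsoft or the original article: it flags any process that requests a managed-identity token from IMDS and descends from the SQL Server service. The event schema, the process names, the sample events and the use of Azure's documented IMDS token path are assumptions made for illustration.

```python
import re

# Azure's documented IMDS link-local address and managed-identity token path
# (assumption: not quoted in the article itself).
IMDS_TOKEN = re.compile(r"169\.254\.169\.254\S*/metadata/identity/oauth2/token", re.I)
# Assumed image names for the SQL Server service and the sqlcmd client.
SQL_IMAGES = {"sqlservr.exe", "sqlcmd.exe"}

# Constructed process-creation events (assumed schema: pid, ppid, image, cmdline).
EVENTS = [
    {"pid": 100, "ppid": 4, "image": "sqlservr.exe",
     "cmdline": "sqlservr.exe -sMSSQLSERVER"},
    {"pid": 210, "ppid": 100, "image": "cmd.exe", "cmdline": "cmd.exe /c whoami"},
    {"pid": 220, "ppid": 210, "image": "powershell.exe",
     "cmdline": "powershell iwr http://169.254.169.254/metadata/identity/oauth2/token"},
    # Benign: an unrelated agent reading instance metadata, not an identity token.
    {"pid": 300, "ppid": 4, "image": "agent.exe", "cmdline": "agent.exe"},
    {"pid": 310, "ppid": 300, "image": "curl.exe",
     "cmdline": "curl http://169.254.169.254/metadata/instance?api-version=2021-02-01"},
]

def ancestry(pid, by_pid):
    """Yield image names from the process up to the root, guarding against pid loops."""
    seen = set()
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        yield by_pid[pid]["image"].lower()
        pid = by_pid[pid]["ppid"]

def detect(events):
    """Return alerts for IMDS token requests made by SQL Server descendants."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        if not IMDS_TOKEN.search(e["cmdline"]):
            continue
        chain = list(ancestry(e["pid"], by_pid))
        if SQL_IMAGES & set(chain):
            alerts.append({"pid": e["pid"], "chain": " <- ".join(chain)})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```
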
Related news
- China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil (source)
- Microsoft Fixes 78 Flaws, 5 Zero-Days Exploited; CVSS 10 Bug Impacts Azure DevOps Server (source)
- Microsoft fixes auth issues on Windows Server, Windows 11 24H2 (source)
- Google's got a hot cloud infosec startup, a new unified platform — and its eye on Microsoft's $20B+ security biz (source)
- Oracle says "obsolete servers" hacked, denies cloud breach (source)
- Microsoft: Windows Server 2025 restarts break connectivity on some DCs (source)
- Microsoft Secures MSA Signing with Azure Confidential VMs Following Storm-0558 Breach (source)
- Microsoft fixes Windows Server 2025 blue screen, install issues (source)
- Russian Hackers Exploit Microsoft OAuth to Target Ukraine Allies via Signal and WhatsApp (source)
- ASUS releases fix for AMI bug that lets hackers brick servers (source)