Security News > 2023 > October > Microsoft: Hackers target Azure cloud VMs via breached SQL servers
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.
The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.
This enables the threat actors to gain access to the SQL Server instance hosted on Azure Virtual Machine with elevated permissions to execute SQL commands and extract valuable data.
Next, the attackers attempted to exploit the cloud identity of the SQL Server instance to access the IMDS and obtain the cloud identity access key.
Microsoft suggests using Defender for Cloud and Defender for Endpoint to catch SQL injections and suspicious SQLCMD activity, both employed in the observed attack.
New Microsoft Azure AD CTS feature can be abused for lateral movement.
News URL
Related news
- Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers (source)
- Microsoft Sues Hacking Group Exploiting Azure AI for Harmful Content Creation (source)
- Azure, Microsoft 365 MFA outage locks out users across regions (source)
- Microsoft: macOS bug lets hackers install malicious kernel drivers (source)
- Microsoft 365 apps crash on Windows Server after Office update (source)
- Hackers use FastHTTP in new high-speed Microsoft 365 password attacks (source)
- Microsoft fixes Office 365 apps crashing on Windows Server systems (source)
- Microsoft fixes Windows Server 2022 bug breaking device boot (source)
- Microsoft issues out-of-band fix for Windows Server 2022 NUMA glitch (source)
- Microsoft: Outdated Exchange servers fail to auto-mitigate security bugs (source)