Security News > 2023 > October > Microsoft: Hackers target Azure cloud VMs via breached SQL servers
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.
The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.
This enables the threat actors to gain access to the SQL Server instance hosted on Azure Virtual Machine with elevated permissions to execute SQL commands and extract valuable data.
Next, the attackers attempted to exploit the cloud identity of the SQL Server instance to access the IMDS and obtain the cloud identity access key.
Microsoft suggests using Defender for Cloud and Defender for Endpoint to catch SQL injections and suspicious SQLCMD activity, both employed in the observed attack.
New Microsoft Azure AD CTS feature can be abused for lateral movement.
News URL
Related news
- Hackers exploit ProjectSend flaw to backdoor exposed servers (source)
- Microsoft Fixes AI, Cloud, and ERP Security Flaws; One Exploited in Active Attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russian hackers hijack Pakistani hackers' servers for their own attacks (source)
- Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities (source)
- Microsoft dangles $10K for hackers to hijack LLM email service (source)
- Hackers Use Microsoft MSC Files to Deploy Obfuscated Backdoor in Pakistan Attacks (source)
- APT29 Hackers Target High-Value Victims Using Rogue RDP Servers and PyRDP (source)
- HubSpot phishing targets 20,000 Microsoft Azure accounts (source)
- CISA orders federal agencies to secure their Microsoft cloud environments (source)