Microsoft: Hackers target Azure cloud VMs via breached SQL servers
Hackers have been observed trying to breach cloud environments through Microsoft SQL Servers vulnerable to SQL injection.
The attacks Microsoft observed start with exploiting an SQL injection vulnerability in an application in the target's environment.
This enables the threat actors to gain access to the SQL Server instance hosted on an Azure Virtual Machine, with elevated permissions to execute SQL commands and extract valuable data.
Next, the attackers attempted to exploit the cloud identity of the SQL Server instance to access the Instance Metadata Service (IMDS) and obtain the cloud identity access key.
Microsoft suggests using Defender for Cloud and Defender for Endpoint to catch SQL injections and suspicious SQLCMD activity, both employed in the observed attack.
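The two signals named above, SQLCMD activity and IMDS access on the SQL Server VM, can be expressed as a process-ancestry check. The following is an added example, not code from Microsoft or the article: the event fields, host names and command lines are constructed, and treating "descended from sqlservr.exe" as the meaning of suspicious is an assumption.

```python
IMDS_ADDR = "169.254.169.254"  # link-local address of the Azure Instance Metadata Service

# Constructed process-creation events, not real telemetry. Field names, hosts,
# PIDs and command lines are assumptions made for this example.
EVENTS = [
    {"host": "sqlvm01", "pid": 100, "ppid": 4, "image": "sqlservr.exe", "cmd": "sqlservr.exe -sMSSQLSERVER"},
    {"host": "sqlvm01", "pid": 210, "ppid": 100, "image": "cmd.exe", "cmd": "cmd.exe /c <constructed>"},
    {"host": "sqlvm01", "pid": 211, "ppid": 210, "image": "sqlcmd.exe", "cmd": "sqlcmd -S localhost -Q <constructed>"},
    {"host": "sqlvm01", "pid": 220, "ppid": 210, "image": "powershell.exe",
     "cmd": "powershell.exe <constructed request to http://169.254.169.254/metadata/identity/>"},
    # Administrator running sqlcmd from a desktop session: no SQL Server ancestor.
    {"host": "sqlvm01", "pid": 50, "ppid": 4, "image": "explorer.exe", "cmd": "explorer.exe"},
    {"host": "sqlvm01", "pid": 300, "ppid": 50, "image": "sqlcmd.exe", "cmd": "sqlcmd -S localhost -i report.sql"},
    # Different host reusing PID 100: an app that legitimately queries IMDS.
    {"host": "appvm02", "pid": 100, "ppid": 4, "image": "app.exe", "cmd": "app.exe"},
    {"host": "appvm02", "pid": 210, "ppid": 100, "image": "python.exe",
     "cmd": "python.exe fetch_config.py --imds http://169.254.169.254/metadata/instance"},
]


def ancestors(index, ev):
    """Yield the image names of ev's parent chain, nearest parent first."""
    seen = set()  # guards against PID reuse producing a cycle
    key = (ev["host"], ev["ppid"])
    while key in index and key not in seen:
        seen.add(key)
        parent = index[key]
        yield parent["image"].lower()
        key = (parent["host"], parent["ppid"])


def flag_events(events):
    """Return (host, pid, rule) for processes descended from SQL Server that match a rule."""
    index = {(e["host"], e["pid"]): e for e in events}  # PIDs are only unique per host
    findings = []
    for ev in events:
        if "sqlservr.exe" not in ancestors(index, ev):
            continue  # both rules apply only beneath the SQL Server process
        if IMDS_ADDR in ev["cmd"]:
            findings.append((ev["host"], ev["pid"], "imds-request-under-sql-server"))
        elif ev["image"].lower() == "sqlcmd.exe":
            findings.append((ev["host"], ev["pid"], "sqlcmd-under-sql-server"))
    return findings


if __name__ == "__main__":
    for finding in flag_events(EVENTS):
        print(finding)
```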
New Microsoft Azure AD CTS feature can be abused for lateral movement.
Related news
- Microsoft: Russian hackers accessed internal systems, code repositories (source)
- Microsoft confirms Windows Server issue behind domain controller crashes (source)
- Microsoft releases emergency fix for Windows Server crashes (source)
- Microsoft to shut down 50 cloud services for Russian businesses (source)
- Microsoft confirms memory leak in March Windows Server security update (source)
- 17,000+ Microsoft Exchange servers in Germany are vulnerable to attack, BSI warns (source)
- Hackers exploit Ray framework flaw to breach servers, hijack resources (source)
- Germany warns of 17K vulnerable Microsoft Exchange servers exposed online (source)
- CISA Warns: Hackers Actively Attacking Microsoft SharePoint Vulnerability (source)
- These 17,000 unpatched Microsoft Exchange servers are a ticking time bomb (source)