Express Computer

Microsoft suspends 18 Azure accounts tied to China-based hackers


Microsoft has suspended 18 Azure Active Directory applications on its Cloud infrastructure that were being used by a Chinese nation-state actor to execute their attacks.

The apps were part of the malicious command and control infrastructure of Gadolinium, a China-based nation-state activity group that has been compromising targets for nearly a decade, with a worldwide focus on the maritime and health industries.

As with most threat groups, Gadolinium tracks the tools and techniques of security practitioners, looking for new techniques it can use or modify to create new exploit methods, according to Ben Koehl from the Microsoft Threat Intelligence Centre (MSTIC).

Gadolinium uses cloud services and open source tools to enhance the weaponisation of its malware payload, to attempt to gain command and control all the way through to the server, and to evade detection.

“These attacks were delivered via spear-phishing emails with malicious attachments and detected and blocked by Microsoft Defender, formerly Microsoft Threat Protection (MTP), and able to be detected using Azure Sentinel,” Microsoft said.

Recently, Microsoft observed newly expanded targeting outside of those sectors to include the Asia Pacific region and other targets in higher education and regional government organisations.

“Gadolinium has been experimenting with using cloud services to deliver their attacks to increase both operation speed and scale for years,” the tech giant said in a blog post this week.

Two of the most recent attack chains, in 2019 and 2020, were delivered by Gadolinium using similar tactics and techniques.

Gadolinium used several different payloads to achieve its exploitation or intrusion objectives, including a range of PowerShell scripts that execute file commands to potentially exfiltrate data.

In mid-April 2020, Gadolinium actors were detected sending spear-phishing emails with malicious attachments.

The filenames of these attachments were named to appeal to the target’s interest in the Covid-19 pandemic.

Gadolinium uses an Azure Active Directory application to configure a victim endpoint with the permissions needed to exfiltrate data to the attacker's own Microsoft OneDrive storage.
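Because the exfiltration path described above runs through an Azure AD application that has been granted file-access permissions, one defensive check is to review the tenant's OAuth2 permission grants for apps that can reach OneDrive or SharePoint data. The script below is an added example written for this article, not code from Microsoft or from the report; it works offline over constructed records in the shape of the Microsoft Graph `servicePrincipal` and `oauth2PermissionGrant` objects (the `verifiedPublisher`, `consentType` and `scope` fields are real Graph fields, while the app names, ids and the list of scopes treated as file access are assumptions for the example).

```python
"""Triage OAuth2 permission grants exported from Azure AD (Microsoft Graph
object shape) for applications that can read or write file data.

Added example with constructed data; not from the article or Microsoft."""
import json
from typing import Dict, List

# Delegated/application scopes that reach file contents through Graph.
# This set is an assumption for the example; adjust it to tenant policy.
FILE_ACCESS_SCOPES = {
    "Files.Read", "Files.Read.All", "Files.ReadWrite", "Files.ReadWrite.All",
    "Sites.Read.All", "Sites.ReadWrite.All", "Sites.FullControl.All",
}

# Constructed sample of servicePrincipal objects (subset of Graph fields).
# The appId values are placeholders, not real application ids.
SERVICE_PRINCIPALS_JSON = """[
  {"id": "sp-001", "appId": "00000000-0000-0000-0000-00000000aaaa",
   "displayName": "Contoso Expense Sync",
   "verifiedPublisher": {"displayName": "Contoso Ltd"}},
  {"id": "sp-002", "appId": "00000000-0000-0000-0000-00000000bbbb",
   "displayName": "Document Helper",
   "verifiedPublisher": null},
  {"id": "sp-003", "appId": "00000000-0000-0000-0000-00000000cccc",
   "displayName": "Calendar Widget",
   "verifiedPublisher": null}
]"""

# Constructed sample of oauth2PermissionGrant objects.
GRANTS_JSON = """[
  {"clientId": "sp-001", "consentType": "AllPrincipals", "principalId": null,
   "scope": "User.Read Files.ReadWrite.All"},
  {"clientId": "sp-002", "consentType": "Principal", "principalId": "user-42",
   "scope": "openid profile Files.ReadWrite.All offline_access"},
  {"clientId": "sp-003", "consentType": "Principal", "principalId": "user-42",
   "scope": "Calendars.Read"}
]"""


def load(json_text: str) -> List[Dict]:
    """Parse an exported Graph collection (list of objects)."""
    return json.loads(json_text)


def triage_grants(service_principals: List[Dict], grants: List[Dict]) -> List[Dict]:
    """Return one finding per grant that includes a file-access scope.

    Each finding records the app, the file scopes, and risk indicators:
    consent given by a single user rather than an admin, no verified
    publisher on the app, and offline_access (a long-lived refresh token).
    Findings are sorted so the highest indicator count comes first."""
    sp_by_id = {sp["id"]: sp for sp in service_principals}
    findings = []
    for grant in grants:
        scopes = set(grant.get("scope", "").split())
        file_scopes = sorted(scopes & FILE_ACCESS_SCOPES)
        if not file_scopes:
            continue  # cannot touch file data; out of scope for this review
        sp = sp_by_id.get(grant["clientId"], {})
        indicators = []
        if grant.get("consentType") == "Principal":
            indicators.append("user-consented")
        if not sp.get("verifiedPublisher"):
            indicators.append("unverified-publisher")
        if "offline_access" in scopes:
            indicators.append("refresh-token")
        findings.append({
            "app": sp.get("displayName", grant["clientId"]),
            "appId": sp.get("appId"),
            "file_scopes": file_scopes,
            "indicators": indicators,
            "score": len(indicators),
        })
    findings.sort(key=lambda f: f["score"], reverse=True)
    return findings


if __name__ == "__main__":
    for f in triage_grants(load(SERVICE_PRINCIPALS_JSON), load(GRANTS_JSON)):
        print(f"{f['score']} {f['app']}: {' '.join(f['file_scopes'])} "
              f"[{', '.join(f['indicators'])}]")
```

On the constructed data the user-consented, unverified "Document Helper" app with `Files.ReadWrite.All` and `offline_access` ranks first; the admin-consented app from a verified publisher still appears, because any app that can reach file data deserves a look, but with no indicators. A real export would come from the Graph endpoints for service principals and OAuth2 permission grants; the scoring here is a starting point, not a verdict.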

“Gadolinium will no doubt evolve their tactics in pursuit of its objectives. As those threats target Microsoft customers, we will continue to build detections and implement protections to defend against them,” Microsoft said.

–IANS
