Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group

by Guest
September 24, 2020

Microsoft said today that it removed 18 Azure Active Directory applications from its Azure portal that were created and abused by a Chinese state-sponsored hacker group.

The 18 Azure AD apps were taken down from the Azure portal earlier this year in April, the Microsoft threat intelligence team said in a report published today.

The report described the recent tactics used by a Chinese hacker group known as Gadolinium (aka APT40, or Leviathan).

The Azure apps were part of the group’s 2020 attack routine, which Microsoft described as “particularly challenging” to detect due to its multi-stage infection process and the broad use of PowerShell payloads.

These attacks began with spear-phishing emails aimed at the target organizations, carrying malicious documents, usually PowerPoint files with a COVID-19 theme.

Victims who opened one of these documents would be infected with PowerShell-based malware payloads. This is where the malicious Azure AD apps would also come into play.

On infected computers, Microsoft said the Gadolinium hackers used the PowerShell malware to install one of the 18 Azure AD apps. The role of these apps was to automatically configure the victim’s endpoint “with the permissions needed to exfiltrate data to the attacker’s own Microsoft OneDrive storage.”


By removing the 18 Azure AD apps, Microsoft crippled the Chinese hacker group’s attacks, at least for a short while, but it also forced the hackers to re-think and re-tool their attack infrastructure.

In addition, Microsoft said it also worked to take down a GitHub account that the same Gadolinium group had used as part of its 2018 attacks. This action may not have had an impact on new operations, but it did prevent the hackers from reusing the same account for other attacks in the future.

Microsoft’s actions against this Chinese hacker group aren’t an isolated case. Over the past few years, Microsoft has consistently intervened to take down malware infrastructure, whether it was used by low-level cybercrime operators or by high-end state-sponsored hacker groups.

In previous interventions, Microsoft also targeted the infrastructure used by other nation-state groups, tied to Iranian, North Korean, and Russian cyber-operations.


