
Microsoft removed 18 Azure AD apps used by Chinese state-sponsored hacker group

September 24, 2020

Microsoft said today that it removed 18 Azure Active Directory applications from its Azure portal that had been created and abused by a Chinese state-sponsored hacker group.

The 18 Azure AD apps were taken down from the Azure portal earlier this year, in April, the Microsoft threat intelligence team said in a report published today.

The report described the recent tactics used by a Chinese hacker group known as Gadolinium (aka APT40, or Leviathan).

The Azure apps were part of the group's 2020 attack routine, which Microsoft described as "particularly challenging" to detect because of its multi-stage infection process and the broad use of PowerShell payloads.

These attacks began with spear-phishing emails aimed at the target organizations, carrying malicious documents, usually PowerPoint files with a COVID-19 theme.

Victims who opened one of these documents would be infected with PowerShell-based malware payloads. This is where the malicious Azure AD apps would also come into play.

On infected computers, Microsoft said, the Gadolinium hackers used the PowerShell malware to install one of the 18 Azure AD apps. The role of these apps was to automatically configure the victim's endpoint "with the permissions needed to exfiltrate data to the attacker's own Microsoft OneDrive storage."

[Image: Microsoft]

By removing the 18 Azure AD apps, Microsoft crippled the Chinese hacker group's attacks, at least for a short while, but it also forced the hackers to re-think and re-tool their attack infrastructure.

In addition, Microsoft said it also worked to take down a GitHub account that the same Gadolinium group had used as part of its 2018 attacks. This action may not have had an impact on new operations, but it did prevent the hackers from reusing the same account for other attacks in the future.

Microsoft's actions against this Chinese hacker group are not an isolated case. Over the past few years, Microsoft has consistently intervened to take down malware infrastructure, whether it was used by low-level cybercrime operators or by high-end state-sponsored hacker groups.

In previous interventions, Microsoft also targeted the infrastructure used by other nation-state groups, tied to Iranian, North Korean, and Russian cyber-operations.
