Microsoft Azure Accounts Hit With Phishing Attacks To Hijack Virtual Machines

[ad_1]

Cybersecurity researchers from Mandiant have uncovered a hacking collective with extensive knowledge of the Azure environment, using phishing and SIM-swapping techniques to infiltrate virtual machines and exfiltrate sensitive data.

In its report (opens in new tab), Mandiant says it is tracking the group as “UNC3944”, claiming it’s been active since at least May 2022.

First, the group would run SMS phishing attacks in order to obtain the passwords for Microsoft Azure admin accounts. After that, they would run a SIM-swapping attack, gaining the ability to receive multi-factor authentication (MFA) codes through SMS. Mandiant isn’t sure exactly how the group SIM-swaps, but says that “knowing the target’s phone number and conspiring with unscrupulous telecom employees is enough to facilitate illicit number ports”.

Impersonating admins

Then, the group would impersonate the administrator and reach out to help desk agents in order to receive the MFA code and use it to access the target’s Azure environment. Once inside, they’d gather information, modify existing Azure accounts, or create new ones, depending on who they compromised and what the goal at that moment is.

The next step was to use Azure Extensions add-ons to hide as they gather as much data as possible, and Azure Serial Console to gain admin console access to VMs and run commands over the serial port.

“This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM,” Mandiant said in its report.

After that, the group does a number of additional moves to remain on the network, and to keep stealthy, as they identify and exfiltrate as much sensitive data as they can.

UNC3944 demonstrated a “deep understanding” of the Azure environment, Mandiant said, noting this level of technical know-how, combined with high-level social engineering skills, makes this malicious (opens in new tab) group quite dangerous.

These are the best firewalls (opens in new tab) to keep your business protected

[ad_2]
#Microsoft #Azure #accounts #hit #phishing #attacks #hijack #virtual #machines

Microsoft Azure accounts hit with phishing attacks to hijack virtual machines

Leave a Comment Cancel reply

Product Highlight

Recent Posts

SSC all exams, links is here

What is the Adivasi delisting demand and why is it gaining momentum now?

Uttar Pradesh: Engineering students among 10 held in Hardoi over multi-crore cyber fraud racket

Bengal CID sets up 5-member probe team for signature case; TMC MP Abhishek Banerjee skips appearance

BJP, police trying to weaken TMC through intimidation and arrests: Mamata Banerjee

Madhya Pradesh begins process to implement Uniform Civil Code, high-level committee formed

SIR enumeration phase begins in Odisha, Mizoram, Sikkim, Manipur

Nepal Foreign Ministry’s damage control; downplays PM’s claims of ‘Indian land encroachment’ remarks

Most accused out on bail, `mastermind` untouched, same pattern replayed: Why 2026 NEET paper leak was inevitable

India’s invisible war jet is coming: Who will build the country’s 5th-gen fighter plane?

‘Brilliant, brave young Indians’: Rahul Gandhi meets Vedant, student at centre of CBSE row

Welcome

Categorys

Site Links