Microsoft suspends 18 Azure accounts tied to China-based hackers


San Francisco, Sep 26 (IANS): Microsoft has suspended 18 Azure Active Directory applications on its Cloud infrastructure that were being used by a Chinese nation-state actor to execute their attacks.

The apps were part of the malicious command and control infrastructure of Gadolinium, a China-based nation-state activity group that has been compromising targets for nearly a decade with a worldwide focus on the maritime and health industries.

As with most threat groups, Gadolinium tracks the tools and techniques of security practitioners looking for new techniques they can use or modify to create new exploit methods, according to Ben Koehl from Microsoft Threat Intelligence Centre (MSTIC).

Gadolinium uses cloud services and open source tools to enhance weaponisation of its malware payloads, to maintain command and control all the way back to the server, and to evade detection.

"These attacks were delivered via spear-phishing emails with malicious attachments and detected and blocked by Microsoft Defender, formerly Microsoft Threat Protection (MTP), and able to be detected using Azure Sentinel," Microsoft said.

Recently, Microsoft observed newly expanded targeting outside of those sectors to include the Asia Pacific region and other targets in higher education and regional government organisations.

"Gadolinium has been experimenting with using cloud services to deliver their attacks to increase both operation speed and scale for years," the tech giant said in a blog post this week.

Two of the most recent attack chains in 2019 and 2020 were delivered from Gadolinium using similar tactics and techniques.

Gadolinium used several different payloads to achieve its exploitation or intrusion objectives including a range of PowerShell scripts to execute file commands to potentially exfiltrate data.

In mid-April 2020, Gadolinium actors were detected sending spear-phishing emails with malicious attachments.

The filenames of these attachments were named to appeal to the target's interest in the Covid-19 pandemic.

Gadolinium uses an Azure Active Directory application to configure a victim endpoint with the permissions needed to exfiltrate data to the attacker's own Microsoft OneDrive storage.
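As an added illustration (not code from the article or from Microsoft), the following Python scans constructed Azure AD audit-log records, assumed to follow the shape of the real "Consent to application" event, and flags consents that hand a service principal OneDrive file scopes, the kind of app-based exfiltration path described above:

```python
import json

# Microsoft Graph scopes that grant access to OneDrive/SharePoint file content.
FILE_SCOPES = {"Files.Read.All", "Files.ReadWrite.All", "Files.ReadWrite", "Sites.ReadWrite.All"}

# Constructed sample records, modelled on Azure AD "Consent to application" audit events
# (field names follow the real event shape; app names, users and values are invented).
SAMPLE_LOG = """
{"activityDisplayName": "Consent to application", "result": "success", "initiatedBy": {"user": {"userPrincipalName": "alice@example.test"}}, "targetResources": [{"displayName": "Contoso Expense Portal", "modifiedProperties": [{"displayName": "ConsentAction.Permissions", "newValue": "[[Scope: User.Read, openid]]"}]}]}
{"activityDisplayName": "Consent to application", "result": "success", "initiatedBy": {"user": {"userPrincipalName": "bob@example.test"}}, "targetResources": [{"displayName": "Doc Sync Helper", "modifiedProperties": [{"displayName": "ConsentAction.Permissions", "newValue": "[[Scope: Files.ReadWrite.All, offline_access]]"}]}]}
{"activityDisplayName": "Add user", "result": "success", "initiatedBy": {"user": {"userPrincipalName": "admin@example.test"}}, "targetResources": []}
"""

def consented_scopes(record):
    """Pull the scope names out of a consent event's ConsentAction.Permissions property."""
    scopes = set()
    for target in record.get("targetResources", []):
        for prop in target.get("modifiedProperties", []):
            if prop.get("displayName") != "ConsentAction.Permissions":
                continue
            value = prop.get("newValue", "")
            # newValue looks like "[[Scope: A, B]]"; strip the brackets and the "Scope:" label.
            inner = value.strip("[]")
            if inner.startswith("Scope:"):
                inner = inner[len("Scope:"):]
            scopes.update(s.strip() for s in inner.split(",") if s.strip())
    return scopes

def find_file_scope_consents(log_text):
    """Return (app name, consenting user, risky scopes) for consents granting file access."""
    hits = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = json.loads(line)
        if rec.get("activityDisplayName") != "Consent to application" or rec.get("result") != "success":
            continue
        risky = consented_scopes(rec) & FILE_SCOPES
        if risky:
            app = rec["targetResources"][0].get("displayName", "<unknown>")
            user = rec.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "<unknown>")
            hits.append((app, user, sorted(risky)))
    return hits

if __name__ == "__main__":
    for app, user, scopes in find_file_scope_consents(SAMPLE_LOG):
        print(f"review consent: app={app!r} by {user} scopes={scopes}")
```

Each flagged consent is a lead to review against the tenant's approved app list, not a verdict; legitimate sync tools request the same scopes.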

"Gadolinium will no doubt evolve their tactics in pursuit of its objectives. As those threats target Microsoft customers, we will continue to build detections and implement protections to defend against them," Microsoft said.
