CyberSecurity news
Pierluigi Paganini@Security Affairs
Microsoft has issued a warning regarding a recent password spraying attack targeting the education sector. The tech giant has identified the threat actor behind these attacks as Storm-1977. This group is actively targeting cloud tenants within educational institutions, attempting to gain unauthorized access through compromised credentials.
Storm-1977 employs a Command Line Interface (CLI) tool called AzureChecker.exe in its attacks. The tool downloads AES-encrypted data from an external server; that data contains the list of password spray targets. AzureChecker also accepts a text file ("accounts.txt") containing username and password combinations, which it then uses to attempt validation against the target tenants.
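How this pattern can be spotted in sign-in data, as an added example that is not part of the original article or of Microsoft's report: a spray shows up as one source failing against many distinct accounts with only a few guesses each. The log format, thresholds, addresses, account names and function names below are all constructed for illustration.

```python
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed sign-in records (illustrative format, not a real log schema):
# UTC time, source IP, account, outcome.
SAMPLE_LOG = """\
2025-04-01T08:00:00Z 203.0.113.7 alice@school-a.example FAIL
2025-04-01T08:00:20Z 203.0.113.7 bob@school-a.example FAIL
2025-04-01T08:00:40Z 203.0.113.7 carol@school-a.example FAIL
2025-04-01T08:01:00Z 203.0.113.7 dave@school-b.example FAIL
2025-04-01T08:01:20Z 203.0.113.7 erin@school-b.example FAIL
2025-04-01T08:01:40Z 203.0.113.7 guest1@school-b.example SUCCESS
2025-04-01T08:02:00Z 198.51.100.20 frank@school-a.example FAIL
2025-04-01T08:02:10Z 198.51.100.20 frank@school-a.example FAIL
2025-04-01T08:02:30Z 198.51.100.20 frank@school-a.example SUCCESS
"""

def parse(log):
    """Turn log text into time-sorted (time, source, account, outcome) tuples."""
    rows = (line.split() for line in log.splitlines() if line.strip())
    return sorted((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), src, user.lower(), res)
                  for ts, src, user, res in rows)

def detect_spray(events, window=timedelta(minutes=10), min_users=5, max_tries=2):
    """Flag sources that fail against many accounts, few tries each, in one window."""
    fails = defaultdict(list)
    for ts, src, user, res in events:
        if res == "FAIL":
            fails[src].append((ts, user))
    flagged = {}
    for src, seq in fails.items():
        start = 0
        for end, (ts, _) in enumerate(seq):
            while ts - seq[start][0] > window:   # slide the window forward
                start += 1
            tries = Counter(user for _, user in seq[start:end + 1])
            # Many distinct accounts with few guesses each is a spray; many
            # guesses at one account is brute force or a forgotten password.
            if len(tries) >= min_users and max(tries.values()) <= max_tries:
                flagged.setdefault(src, set()).update(tries)
    return flagged

def accounts_to_reset(events, flagged):
    """Accounts that logged in successfully from a flagged source."""
    return {user for _, src, user, res in events if res == "SUCCESS" and src in flagged}

if __name__ == "__main__":
    ev = parse(SAMPLE_LOG)
    print(detect_spray(ev), accounts_to_reset(ev, detect_spray(ev)))
```

A shared campus NAT or VPN egress can produce a similar shape, so the thresholds need tuning per environment before alerting on them.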
In one successful instance, Storm-1977 exploited a guest account to create a resource group within a compromised subscription. The attackers proceeded to create over 200 containers within this group, using them for illicit cryptocurrency mining. Microsoft advises organizations to secure container deployments and runtimes, monitor Kubernetes API requests, and implement policies to prevent deployments from untrusted registries to mitigate such activities.
References:
- securityaffairs.com: SecurityAffairs: Storm-1977 targets education sector with password spraying, Microsoft warns
- The Hacker News: TheHackNews: Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
- Davey Winder: Forbes: Microsoft Confirms Password Spraying Attack — What You Need To Know
Classification:
- HashTags: #PasswordSpray #Education #Microsoft
- Company: Microsoft
- Target: Education sector
- Product: Windows
- Feature: Credential Access
- Malware: AzureChecker.exe
- Type: Hack
- Severity: Medium