Microsoft reported that a threat actor tracked as Storm-1977 has conducted password-spraying attacks against cloud tenants in the education sector over the past year. Using a command-line tool called AzureChecker.exe, the actor connects to an external server to retrieve lists of target accounts and validates credentials against them. In one notable incident, the actor compromised a guest account and created more than 200 containers for illicit cryptocurrency mining. Microsoft also warns of several weaknesses in containerized assets that could enable further exploitation and urges organizations to harden their deployments and monitor their cloud infrastructure closely.
Microsoft observed that a threat actor, Storm-1977, has conducted password spraying attacks on educational cloud tenants using AzureChecker.exe and compromised accounts.
Storm-1977 retrieved AES-encrypted data listing target accounts from an external server and used a text file to validate the credentials it found before using them for malicious actions.
Attackers compromised a guest account to create over 200 containers within a resource group, highlighting potential threats to containerized assets in the cloud.
Organizations must ensure robust security measures for container deployments, monitor K8s API requests, and enforce policies to block untrusted container deployments.
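The monitoring point above, shown as an added example that is not part of Microsoft's report: a small detector that reads Kubernetes audit-log events and flags (a) any principal creating an unusual number of pods in a short window, which is the pattern behind the 200-container incident, and (b) pod creations pulling images from registries outside an allowlist. The audit events, the guest account name, the image names and the trusted-registry list are all constructed placeholders.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

def _event(user, namespace, ts, image):
    """Build a minimal Kubernetes audit event for a pod create (constructed sample)."""
    return json.dumps({
        "verb": "create", "user": {"username": user},
        "objectRef": {"resource": "pods", "namespace": namespace},
        "requestReceivedTimestamp": ts,
        "requestObject": {"spec": {"containers": [{"image": image}]}},
    })

# Constructed sample log: a guest account creating 12 pods in 12 seconds from an
# unknown registry, plus one legitimate deploy from an allowlisted registry.
SAMPLE_AUDIT_EVENTS = [
    _event("guest#EXT#@example.edu", "default", f"2024-01-01T10:00:{i:02d}Z",
           "docker.io/unknown/miner:latest") for i in range(12)
] + [_event("ci-deployer", "apps", "2024-01-01T10:00:05Z",
            "registry.example.edu/apps/web:1.2")]

TRUSTED_REGISTRIES = ("registry.example.edu/",)  # assumed allowlist, placeholder

def _pod_creates(lines):
    for line in lines:
        ev = json.loads(line)
        if ev.get("verb") == "create" and ev["objectRef"].get("resource") == "pods":
            yield ev

def find_pod_create_bursts(lines, window=timedelta(minutes=5), threshold=10):
    """Return {user: max pods created in any `window`} for users exceeding `threshold`."""
    per_user = defaultdict(list)
    for ev in _pod_creates(lines):
        ts = datetime.strptime(ev["requestReceivedTimestamp"], "%Y-%m-%dT%H:%M:%SZ")
        per_user[ev["user"]["username"]].append(ts)
    flagged = {}
    for user, times in per_user.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 > threshold:
                flagged[user] = max(flagged.get(user, 0), end - start + 1)
    return flagged

def untrusted_images(lines):
    """Return sorted (user, image) pairs for pod creates pulling from non-allowlisted registries."""
    hits = set()
    for ev in _pod_creates(lines):
        for c in ev.get("requestObject", {}).get("spec", {}).get("containers", []):
            if not c["image"].startswith(TRUSTED_REGISTRIES):
                hits.add((ev["user"]["username"], c["image"]))
    return sorted(hits)
```

A rule like `untrusted_images` is what an admission policy would enforce at deploy time; the burst check complements it by catching a compromised but otherwise authorized account after the fact.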