Microsoft Azure accounts hit with phishing attacks to hijack virtual machines

Sead Fadilpašić

May 17, 2023 at 9:20 AM·2 min read

Cloud computing concept represented by a server room, with a cloud representation hologram concept.

Cybersecurity researchers from Mandiant have uncovered a hacking collective with extensive knowledge of the Azure environment, using phishing and SIM-swapping techniques to infiltrate virtual machines and exfiltrate sensitive data.

In its report, Mandiant says it is tracking the group as “UNC3944”, claiming it’s been active since at least May 2022.

First, the group would run SMS phishing attacks in order to obtain the passwords for Microsoft Azure admin accounts. After that, they would run a SIM-swapping attack, gaining the ability to receive multi-factor authentication (MFA) codes through SMS. Mandiant isn’t sure exactly how the group SIM-swaps, but says that “knowing the target's phone number and conspiring with unscrupulous telecom employees is enough to facilitate illicit number ports”.

Impersonating admins

Then, the group would impersonate the administrator and reach out to help desk agents in order to receive the MFA code and use it to access the target’s Azure environment. Once inside, they’d gather information, modify existing Azure accounts, or create new ones, depending on who they compromised and what the goal at that moment is.

The next step was to use Azure Extensions add-ons to hide as they gather as much data as possible, and Azure Serial Console to gain admin console access to VMs and run commands over the serial port.

"This method of attack was unique in that it avoided many of the traditional detection methods employed within Azure and provided the attacker with full administrative access to the VM," Mandiant said in its report.

> Nearly all firms have some kind of cloud misconfiguration issue

> Many data breaches are being caused by misconfigured clouds

> Here's our list of the best endpoint security software

After that, the group does a number of additional moves to remain on the network, and to keep stealthy, as they identify and exfiltrate as much sensitive data as they can.

UNC3944 demonstrated a “deep understanding” of the Azure environment, Mandiant said, noting this level of technical know-how, combined with high-level social engineering skills, makes this malicious group quite dangerous.

These are the best firewalls to keep your business protected

Yahoo Sports
Chiefs' Harrison Butker may be removed from kickoffs due to new NFL rules
Kansas City Chiefs special teams coach Dave Toub said kicker Harrison Butker may be removed from kickoffs. But not because of Butker's recent controversial remarks.
Yahoo Sports
Top running backs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Sports
Gable Steveson, Olympic gold medal winner and NCAA champion wrestler, signs with Bills
Olympic gold medal and two-time NCAA champion wrestler Gable Steveson has signed with the Buffalo Bills. He'll attempt to make the team as a defensive tackle.
Yahoo Sports
Report: Pelicans to defer Lakers' first-round pick in Anthony Davis trade until 2025
The New Orleans Pelicans have opted not to take the Los Angeles Lakers' first-round pick in this year's NBA Draft as part of the Anthony Davis trade. The Pelicans will take the Lakers' pick next year.
Autoblog
Rhode Island asking kei car owners to turn in their registration
Rhode Island is making it illegal to register a kei car, and it's asking enthusiasts who already have one to turn in their registration.
Yahoo Finance
Warren Buffett's son Howard Buffett on his life as the potential next chairman of Berkshire Hathaway
Howard Buffett talks about life at Berkshire Hathaway and why he is donating hundreds of millions of dollars to Ukraine.
Yahoo Finance
Gen X is the 401(k) 'experiment generation.' Here's how that's playing out.
Nearly half of Gen Xers say their retirement savings are behind schedule, according to a new survey.
Yahoo Sports
Former 76ers player Drew Gordon, older brother of Nuggets starter Aaron Gordon, dies in car accident at 33
Drew Gordon played all over Europe after a college career at UCLA and New Mexico.
Yahoo Sports
President Biden dons Chiefs helmet, jokes with Travis Kelce in Super Bowl champs' second White House visit
Travis Kelce crashed the White House podium last year. This time, he received a direct invitation.
Yahoo Sports
Reports: Colorado S Shilo Sanders, Deion's son, facing NIL questions after filing for bankruptcy, $12 million assault lawsuit
A high school security guard won $12 million judgement after alleging Shilo Sanders broke his neck in 2015.
Yahoo Sports
Lashinda Demus will get her Olympic gold medal ... 12 years later
Demus will receive her gold medal at a ceremony at the foot of the Eiffel Tower during the 2024 Summer Olympics.
Yahoo Sports
The Spin: Making a call on 5 slumping fantasy baseball stars
All five of these hitters were drafted highly in fantasy baseball leagues. So far, they have not lived up to their ADPs — and that's an understatement. Scott Pianowski analyzes.
Yahoo Sports
The Scorecard: 5 starting pitchers making waves in fantasy baseball
Fantasy baseball analyst Dalton Del Don highlights a quintet of starting pitchers we should focus on a lot more.
Yahoo Finance
Trump-friendly billionaires from Elon Musk to Bill Ackman offer new support following conviction
Donald Trump’s conviction on falsifying business records led to an immediate reaction from his stable of friendly billionaires.
Yahoo Sports
Giants TE Darren Waller drops bizarre music video about recent divorce, complete with a fake Kelsey Plum
The video ends with the fake Plum stabbing Waller in the back.
Yahoo Sports
Trey Lance is close to 'being a master' of Cowboys offense, says coach Mike McCarthy
Dallas Cowboys coach Mike McCarthy praised quarterback Trey Lance, saying he's close to mastering the team's offense. Lance did not play last season.
Yahoo Sports
Umpire Ángel Hernández, after long and controversial run in Major League Baseball, set to retire
Ángel Hernández, by both fans and players alike, has long been considered one of the most hated umpires in Major League Baseball.
Yahoo Sports
Chiefs DT Isaiah Buggs turns himself in to police, charged with animal cruelty
The Chiefs' bizarre offseason rolls on.
Yahoo Sports
Winners & losers from the 2024 NBA Draft withdrawal deadline | On the Clock with Krysten Peek
Krysten Peek is joined by CBS Sports HQ basketball insider and 247 Sports Director of Scouting Adam Finkelstein to discuss the biggest winners and losers from the 2024 NBA Draft withdrawal deadline.
Yahoo Sports
Charges against Scottie Scheffler dropped in police incident during PGA Championship
The World No. 1 is free of all charges stemming from a confrontation outside Valhalla Golf Club on May 17.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Microsoft Azure accounts hit with phishing attacks to hijack virtual machines

Impersonating admins

Recommended Stories

Chiefs' Harrison Butker may be removed from kickoffs due to new NFL rules

Top running backs for 2024 fantasy football, according to our experts

Gable Steveson, Olympic gold medal winner and NCAA champion wrestler, signs with Bills

Report: Pelicans to defer Lakers' first-round pick in Anthony Davis trade until 2025

Rhode Island asking kei car owners to turn in their registration

Warren Buffett's son Howard Buffett on his life as the potential next chairman of Berkshire Hathaway

Gen X is the 401(k) 'experiment generation.' Here's how that's playing out.

Former 76ers player Drew Gordon, older brother of Nuggets starter Aaron Gordon, dies in car accident at 33

President Biden dons Chiefs helmet, jokes with Travis Kelce in Super Bowl champs' second White House visit

Reports: Colorado S Shilo Sanders, Deion's son, facing NIL questions after filing for bankruptcy, $12 million assault lawsuit

Lashinda Demus will get her Olympic gold medal ... 12 years later

The Spin: Making a call on 5 slumping fantasy baseball stars

The Scorecard: 5 starting pitchers making waves in fantasy baseball

Trump-friendly billionaires from Elon Musk to Bill Ackman offer new support following conviction

Giants TE Darren Waller drops bizarre music video about recent divorce, complete with a fake Kelsey Plum

Trey Lance is close to 'being a master' of Cowboys offense, says coach Mike McCarthy

Umpire Ángel Hernández, after long and controversial run in Major League Baseball, set to retire

Chiefs DT Isaiah Buggs turns himself in to police, charged with animal cruelty

Winners & losers from the 2024 NBA Draft withdrawal deadline | On the Clock with Krysten Peek

Charges against Scottie Scheffler dropped in police incident during PGA Championship