Ad End 1 February 2024
Ad Ends 13 January 2025
Ad End 26 February 2025
ad End 25 April 2025
Ad Ends 20 January 2025
Ad expire at 5 August 2024
banner Expire 25 April 2025
What's new
banner Expire 15 January 2025
banner Expire 20 October 2024
UniCvv
casino
swipe store
adv exp at 23 August 2024
Carding.pw carding forum
BidenCash Shop
Kfc CLub

File_closed07

TRUSTED VERIFIED SELLER
Staff member
Joined
Jun 13, 2020
Messages
7,545
Reaction score
916
Points
212
Awards
2
  • trusted user
  • Rich User
The Gadolinium group abused Azure AD applications to attack Microsoft Azure users.




Microsoft has removed from its Azure portal 18 Azure Active Directory applications that were developed and used by the Chinese cybercriminal group Gadolinium (also known as APT40 or Leviathan). The programs were removed in April this year.

Azure apps were used as part of a malware campaign in 2020 that Microsoft described as "particularly difficult" to detect due to the multi-stage infection process and the widespread use of PowerShell payloads.

The attacks began with targeted phishing, in which criminals sent malicious emails to organizations, usually containing COVID-19-themed PowerPoint files. As soon as the victim opened the document, malicious programs were installed on their system.

According to Microsoft, the hackers used malware on infected computers to install one of 18 Azure AD applications. The role of these applications was to automatically configure the victim's endpoint “with the permissions required to steal and send data to the attackers' Microsoft OneDrive.

In addition to removing malicious apps, Microsoft has also been working on removing the GitHub account that the same Gadolinium group used in their attacks in 2018. These actions will prevent criminals from reusing the same account for other potential attacks in the future.
 
Ad End 1 February 2024
Top