San Francisco: Microsoft has suspended 18 Azure Active Directory applications on its cloud infrastructure that were being used by a Chinese nation-state actor to execute their attacks.
The apps were part of the malicious command-and-control infrastructure of Gadolinium, a China-based nation-state activity group that has been compromising targets for nearly a decade with a worldwide focus on the maritime and health industries.
As with most threat groups, Gadolinium tracks the tools and techniques published by security practitioners, looking for ones it can use or modify to create new exploit methods, according to Ben Koehl from Microsoft Threat Intelligence Centre (MSTIC).
Gadolinium uses cloud services and open source tools to enhance weaponisation of its malware payload, to attempt to gain command and control all the way to the server, and to evade detection.
"These attacks were delivered via spear-phishing emails with malicious attachments and detected and blocked by Microsoft Defender, formerly Microsoft Threat Protection (MTP), and able to be detected using Azure Sentinel," Microsoft said.
Recently, Microsoft observed newly expanded targeting outside of those sectors to include the Asia Pacific region and other targets in higher education and regional government organisations.
"Gadolinium has been experimenting with using cloud services to deliver their attacks to increase both operation speed and scale for years," the tech giant said in a blog post this week.
Two of the most recent attack chains, in 2019 and 2020, were delivered by Gadolinium using similar tactics and techniques.
Gadolinium used several different payloads to achieve its exploitation or intrusion objectives, including a range of PowerShell scripts that run file commands, potentially to exfiltrate data.
In mid-April 2020, Gadolinium actors were detected sending spear-phishing emails with malicious attachments.
The attachments were given filenames chosen to appeal to the target's interest in the Covid-19 pandemic.
Gadolinium uses an Azure Active Directory application to configure a victim endpoint with the permissions needed to exfiltrate data to the attacker's own Microsoft OneDrive storage.
"Gadolinium will no doubt evolve their tactics in pursuit of its objectives. As those threats target Microsoft customers, we will continue to build detections and implement protections to defend against them," Microsoft said.
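The consent step described above, where an Azure AD application is granted permissions that let it move a user's files to attacker-controlled OneDrive storage, leaves a trace in the Azure AD audit log. The following detection script is an added example, not code from the article or from Microsoft: it scans "Consent to application" audit records for grants of Microsoft Graph file-access scopes. The record shape and app names are constructed and simplified for illustration.

```python
import json
import re

# Constructed sample audit-log records (shape simplified from Azure AD "Consent to
# application" events; not real data and not taken from the article).
SAMPLE_AUDIT_LOG = json.dumps([
    {"activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "alice@example.com"}},
     "targetResources": [{"displayName": "Quarterly Report Viewer",
                          "modifiedProperties": [{
                              "displayName": "ConsentAction.Permissions",
                              "newValue": "[] => [[ConsentType: Principal, "
                                          "Scope: Files.ReadWrite.All User.Read offline_access]]"}]}]},
    {"activityDisplayName": "Consent to application",
     "initiatedBy": {"user": {"userPrincipalName": "bob@example.com"}},
     "targetResources": [{"displayName": "Calendar Helper",
                          "modifiedProperties": [{
                              "displayName": "ConsentAction.Permissions",
                              "newValue": "[] => [[ConsentType: Principal, "
                                          "Scope: Calendars.Read User.Read]]"}]}]},
    {"activityDisplayName": "Update user", "initiatedBy": {}, "targetResources": []},
])

# Graph scopes that let an app read or write a user's OneDrive/SharePoint files in bulk.
FILE_SCOPES = {"Files.Read", "Files.Read.All", "Files.ReadWrite", "Files.ReadWrite.All",
               "Sites.Read.All", "Sites.ReadWrite.All"}


def granted_scopes(newvalue: str) -> set[str]:
    """Pull the space-separated scope list out of a ConsentAction.Permissions value."""
    m = re.search(r"Scope:\s*([^,\]]+)", newvalue)
    return set(m.group(1).split()) if m else set()


def flag_file_access_consents(audit_json: str) -> list[dict]:
    """Return consent grants whose scopes include OneDrive/SharePoint file access."""
    hits = []
    for rec in json.loads(audit_json):
        if rec.get("activityDisplayName") != "Consent to application":
            continue
        user = rec.get("initiatedBy", {}).get("user", {}).get("userPrincipalName", "?")
        for target in rec.get("targetResources", []):
            for prop in target.get("modifiedProperties", []):
                if prop.get("displayName") != "ConsentAction.Permissions":
                    continue
                risky = granted_scopes(prop.get("newValue", "")) & FILE_SCOPES
                if risky:
                    hits.append({"user": user, "app": target.get("displayName"),
                                 "scopes": sorted(risky)})
    return hits
```

Each hit is a candidate for review against the tenant's approved-application list; an unfamiliar app holding Files.* scopes is the condition worth alerting on.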