Financially motivated threat actor UNC3944 is using phishing and SIM swapping attacks to take over Microsoft Azure admin accounts and gain access to virtual machines (VM), according to cybersecurity firm Mandiant.
Using access to virtual machines the attackers employed malicious use of the Serial Console on Azure Virtual Machines to install third-party remote management software within client environments, Mandiant said in a blog.
UNC3944 has been active since May 2022. The threat actor has been observed carrying out SIM-swapping attacks followed by the establishment of persistence using compromised accounts.
More Stories
New Ransomware Group Uses AI to Develop Nefarious Tools
Researchers at Check Point said FunkSec operators appear to use AI for malware development Read More
Microsoft Takes Legal Action Against AI “Hacking as a Service” Scheme
Not sure this will matter in the end, but it’s a positive move: Microsoft is accusing three individuals of running...
WEF Warns of Growing Cyber Inequity Amid Escalating Complexities in Cyberspace
A new WEF report highlighted growing disparities in the cyber capabilities of different types of organizations and regions Read More
Three Russians Charged with Crypto Mixer Money Laundering
Three Russian men have been indicted on money laundering charges connected to cryptocurrency mixers Read More
Telefonica Breach Hits 20,000 Employees and Exposes Jira Details
Telefonica has confirmed a breach of its internal ticketing system exposing more than 236,000 lines of customer data Read More
Friday Squid Blogging: Cotton-and-Squid-Bone Sponge
News: A sponge made of cotton and squid bone that has absorbed about 99.9% of microplastics in water samples in...