Microsoft Warns of Cyber Attacks Attempting to Breach Cloud via SQL Server Instance
04-Oct-23
Attackers attempted to go laterally to a cloud environment through a SQL Server instance in a new campaign that Microsoft has described. Security researchers Sunders Bruskin, Hagai Ran Kestenberg, and Fady Nasereldeen stated in a study on Tuesday that the attackers originally took advantage of a SQL injection vulnerability in an application within the target’s environment.
“This gave the attacker access to a Microsoft SQL Server instance running on an Azure Virtual Machine (VM) and elevated rights. The threat actors then attempted to access further cloud resources by abusing the server’s cloud identity, which may have elevated permissions to carry out a variety of malicious acts in the cloud to which the identity has access, by leveraging the increased permissions.
