fbpx
Frame-14

Privacy Ninja

        • DATA PROTECTION

        • CYBERSECURITY

        • Penetration Testing

          Secure your network against various threat points. VA starts at only S$1,000, while VAPT starts at S$4,000. With Price Beat Guarantee!

        • API Penetration Testing
        • Enhance your digital security posture with our approach that identifies and addresses vulnerabilities within your API framework, ensuring robust protection against cyber threats targeting your digital interfaces.

        • On-Prem & Cloud Network Penetration Testing
        • Boost your network’s resilience with our assessment that uncovers security gaps, so you can strengthen your defences against sophisticated cyber threats targeting your network

        • Web Penetration Testing
        • Fortify your web presence with our specialised web app penetration testing service, designed to uncover and address vulnerabilities, ensuring your website stands resilient against online threats

        • Mobile Penetration Testing
        • Strengthen your mobile ecosystem’s resilience with our in-depth penetration testing service. From applications to underlying systems, we meticulously probe for vulnerabilities

        • Cyber Hygiene Training
        • Empower your team with essential cybersecurity knowledge, covering the latest vulnerabilities, best practices, and proactive defence strategies

        • Thick Client Penetration Testing
        • Elevate your application’s security with our thorough thick client penetration testing service. From standalone desktop applications to complex client-server systems, we meticulously probe for vulnerabilities to fortify your software against potential cyber threats.

        • Source Code Review
        • Ensure the integrity and security of your codebase with our comprehensive service, meticulously analysing code quality, identifying vulnerabilities, and optimising performance for various types of applications, scripts, plugins, and more

        • Email Spoofing Prevention
        • Check if your organisation’s email is vulnerable to hackers and put a stop to it. Receive your free test today!

        • Email Phishing Excercise
        • Strengthen your defense against email threats via simulated attacks that test and educate your team on spotting malicious emails, reducing breach risks and boosting security.

        • Cyber Essentials Bundle
        • Equip your organisation with essential cyber protection through our packages, featuring quarterly breached accounts monitoring, email phishing campaigns, cyber hygiene training, and more. LAUNCHING SOON.

Microsoft Disrupts Nation-State Hacker Op Using Azure Cloud Service

Microsoft Disrupts Nation-State Hacker Op Using Azure Cloud Service

In a report this week, Microsoft said that it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks.

Microsoft refers to the actor by the name Gadolinium and says that it’s been active for about a decade targeting organizations in the maritime and health industry; more recently, the hackers expanded focus to higher education and regional government entities.

Abusing cloud services

Based on detections of various components serving Gadolinium’s malicious activity, Microsoft Threat Intelligence Center (MSTIC) identified 18 Azure Active Directory applications the group used for their command and control infrastructure.

These were part of the actor’s custom version of the PowerShell Empire post-exploitation toolkit that enabled them to deploy malicious modules on a compromised computer using Microsoft Graph API calls.

“It provides a command and control module that uses the attacker’s Microsoft OneDrive account to execute commands and retrieve results between attacker and victim systems”

– Microsoft

Earlier this year, in April, the company removed the 18 Azure Active Directory applications, thus disrupting, even if temporarily, the malicious Gadolinium activity.

Also Read: 6 Simple Tips On Cyber Safety at Home

Earlier this year, in April, the company removed the 18 Azure Active Directory applications, thus disrupting, even if temporarily, the malicious Gadolinium activity.

Attacks from this threat group start with spear phishing emails to deliver malicious documents (PowerPoint in 2020) that drop a file typically with two payloads.

The attack chain continues with extracting and deploying the modified version of PowerShell Empire disguised as a PNG image file. This enables the attacker to download more modules on the compromised computer and establish a backdoor channel.

The role of the Azure Active Directory application was to set up the victim systems so it could receive commands from and exfiltrate data to a OneDrive storage account controlled by the attacker.

This configuration made it particularly difficult to detect malicious activity at the network level because of the legitimate tools and services involved, Microsoft says in a report on Thursday.

While Microsoft does not provide many details about Gadolinium apart from its longevity and targets of interest, the Fraunhofer FKIE research institute lists it under other aliases from various cybersecurity companies: APT40, BRONZE MOHAWK, Gadolinium, Kryptonite Panda.

Past reports from FireEye referred to the group as APT40, TEMP.Periscope, and TEMP.Jumper, suspecting it to be a Chinese cyber espionage threat actor. In research published in March 2018, the company says cybersecurity firm Proofpoint tracks this cyber espionage actor as Leviathan.

Also Read: Free Privacy Policy Compliance Review

0 Comments

KEEP IN TOUCH

Subscribe to our mailing list to get free tips on Data Protection and Data Privacy updates weekly!

Personal Data Protection

REPORTING DATA BREACH TO PDPC?

We have assisted numerous companies to prepare proper and accurate reports to PDPC to minimise financial penalties.
×

Hello!

Click one of our contacts below to chat on WhatsApp

× Chat with us