As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s roundup, the MOVEit exploitation attacks claim more victims, Microsoft reports email account breaches that involved a stolen Azure AD enterprise signing key, and both BlackCat and Clop claim attacks on beauty company Estée Lauder.

Chinese cybercriminals use stolen Azure AD signing key to compromise email accounts

Microsoft reported that a Chinese cyber-espionage group called Storm-0558 used a stolen Azure AD enterprise signing key to breach the email accounts of about 25 organizations, reportedly including the U.S. State and Commerce Departments.


Deutsche Bank, Maximus and Colorado State join MOVEit breach victim list

U.S. government services contractor Maximus, Deutsche Bank, and Colorado State University were three of the most recent victims reporting that their data was compromised in the recent MOVEit Transfer data-theft attacks. The Clop ransomware group exploited a zero-day flaw in the file transfer application to breach companies worldwide, including Virginia insurance provider Genworth Financial and the California Public Employees’ Retirement System (CalPERS). Clop’s attack methods include targeting the victim’s entire network by compromising the Active Directory (AD) server and dropping malware.


ALPHV/BlackCat and Clop claim attacks on beauty company Estée Lauder

Both ALPHV/BlackCat and Clop took credit for cyberattacks on beauty giant Estée Lauder Companies, with Clop reportedly gaining access through the MOVEit Transfer vulnerability. BlackCat complained that the company refused to engage in negotiations, then released an API for their leak site in an effort to increase visibility for their attacks and put more pressure on victims to pay a ransom, a tactic that Clop soon copied by creating Internet-hosted websites dedicated to specific victims.



The post Identity Attack Watch: AD Security News, July 2023 appeared first on Semperis.