As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to keep up with the evolving AD-focused threat landscape. To help IT professionals understand and prevent attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month's roundup, the MOVEit Transfer exploitation campaign claims more victims, Microsoft reports email account breaches carried out with a stolen Microsoft signing key, and both BlackCat and Clop claim attacks on beauty company Estée Lauder.
Chinese espionage group uses stolen Microsoft signing key to compromise email accounts
Microsoft reported that a China-based espionage actor it tracks as Storm-0558 used a stolen Microsoft account (MSA) consumer signing key to forge authentication tokens and read Exchange Online and Outlook.com mailboxes at about 25 organizations, reportedly including the U.S. State and Commerce Departments. The key was a consumer signing key rather than an Azure AD enterprise key; a token-validation error on Microsoft's side allowed tokens signed with it to be accepted for enterprise accounts as well. The practical lesson for defenders is that a token forged with a stolen signing key passes signature validation exactly as a legitimate one does, so detection depends on the identity provider's and mail service's own audit trail (in this case, MailItemsAccessed events in the Microsoft 365 audit log) rather than on anything a relying party can check locally. Microsoft subsequently announced that it would make these audit logs available to customers on standard licensing tiers.
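To make the validation error concrete, here is an added example (editor's illustration, not Microsoft's code or any description of its actual token service) of two token verifiers sharing one key set. The first trusts any key in the set to sign for any issuer, which is the flaw that let a consumer key validate enterprise tokens; the second binds each key to the single issuer it may sign for and checks that before the signature. Key material, issuer URLs, `kid` values, and the `contoso` tenant are all constructed for the example, and HMAC-SHA256 stands in for the RS256 signatures real tokens use so the code runs on the standard library alone; the "stolen" key is simply the consumer secret below.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed key set for the example. Each key is tagged with the one issuer
# it may sign for; the flawed verifier ignores that tag, the hardened one uses it.
CONSUMER_ISSUER = "https://login.live.com"                       # MSA (consumer) issuer
ENTERPRISE_ISSUER = "https://login.microsoftonline.com/contoso"  # hypothetical Azure AD tenant

KEYS = {
    "consumer-key-1":   {"secret": b"consumer-signing-secret-constructed",   "issuer": CONSUMER_ISSUER},
    "enterprise-key-1": {"secret": b"enterprise-signing-secret-constructed", "issuer": ENTERPRISE_ISSUER},
}


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_token(kid: str, claims: dict, secret: bytes) -> str:
    """Produce a compact JWT-style token: header.payload.signature (HS256 stand-in for RS256)."""
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = _b64url(json.dumps(header).encode()) + "." + _b64url(json.dumps(claims).encode())
    sig = hmac.new(secret, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + _b64url(sig)


def _split(token: str):
    head, body, sig = token.split(".")
    return json.loads(_b64url_decode(head)), json.loads(_b64url_decode(body)), _b64url_decode(sig), head + "." + body


def _signature_ok(key: dict, signing_input: str, sig: bytes) -> bool:
    expected = hmac.new(key["secret"], signing_input.encode(), hashlib.sha256).digest()
    return hmac.compare_digest(sig, expected)


def _claims_ok(claims: dict, expected_issuer: str) -> bool:
    return claims.get("iss") == expected_issuer and claims.get("exp", 0) > time.time()


def verify_signature_only(token: str, expected_issuer: str) -> bool:
    """Flawed verifier: looks the key up by kid in the shared key set and trusts any
    key found there to sign for any issuer. The iss claim is attacker-controlled,
    so a consumer key validates an enterprise token."""
    header, claims, sig, signing_input = _split(token)
    key = KEYS.get(header.get("kid"))
    return key is not None and _signature_ok(key, signing_input, sig) and _claims_ok(claims, expected_issuer)


def verify_with_key_scope(token: str, expected_issuer: str) -> bool:
    """Hardened verifier: the key named by kid must be one that is allowed to sign
    for the issuer the relying party expects, checked before the signature is."""
    header, claims, sig, signing_input = _split(token)
    key = KEYS.get(header.get("kid"))
    if key is None or key["issuer"] != expected_issuer:
        return False
    return _signature_ok(key, signing_input, sig) and _claims_ok(claims, expected_issuer)


def _claims(issuer: str, subject: str) -> dict:
    now = int(time.time())
    return {"iss": issuer, "sub": subject, "aud": "https://outlook.office.com", "iat": now, "exp": now + 3600}


def legitimate_enterprise_token() -> str:
    return sign_token("enterprise-key-1", _claims(ENTERPRISE_ISSUER, "alice@contoso.example"),
                      KEYS["enterprise-key-1"]["secret"])


def legitimate_consumer_token() -> str:
    return sign_token("consumer-key-1", _claims(CONSUMER_ISSUER, "bob@outlook.example"),
                      KEYS["consumer-key-1"]["secret"])


def forged_enterprise_token() -> str:
    """What an attacker holding only the stolen consumer key can mint: enterprise
    issuer and subject in the claims, consumer key in the kid and the signature."""
    stolen = KEYS["consumer-key-1"]["secret"]
    return sign_token("consumer-key-1", _claims(ENTERPRISE_ISSUER, "ceo@contoso.example"), stolen)


if __name__ == "__main__":
    forged = forged_enterprise_token()
    print("signature-only verifier accepts forged enterprise token:", verify_signature_only(forged, ENTERPRISE_ISSUER))
    print("key-scoped verifier accepts forged enterprise token:   ", verify_with_key_scope(forged, ENTERPRISE_ISSUER))
```

Note that the forged token is cryptographically perfect: the signature really was made with a key in the trusted set. Nothing in the token itself distinguishes it from a legitimate one, which is why the fix has to live in the verifier's key-scoping logic and why, once a key is stolen, the only record of abuse is the service's own access log.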
Deutsche Bank, Maximus and Colorado State join MOVEit breach victim list
U.S. government services contractor Maximus, Deutsche Bank, and Colorado State University are among the most recent organizations to report that their data was compromised in the MOVEit Transfer data-theft campaign. The Clop ransomware group exploited a zero-day SQL injection flaw in the file transfer application (CVE-2023-34362) to breach companies worldwide, including Virginia insurance provider Genworth Financial and the California Public Employees' Retirement System (CalPERS). In this campaign Clop has largely confined itself to stealing data from the MOVEit server and extorting its owner, but the group's established playbook goes further: pivoting from the initial foothold to the victim's entire network by compromising Active Directory (AD) and using it to push malware to domain-joined systems. A MOVEit server that is domain-joined or holds domain credentials should therefore be treated as a potential path into AD, not only as a data store.
ALPHV/BlackCat and Clop claim attacks on beauty company Estée Lauder
Both ALPHV/BlackCat and Clop took credit for attacks on beauty giant Estée Lauder Companies, with Clop reportedly gaining access through the MOVEit Transfer vulnerability. After complaining that the company refused to negotiate, BlackCat released an API for its leak site so that third parties can pull victim listings directly, increasing the visibility of its attacks and the pressure on victims to pay. Clop soon adopted a similar tactic, creating clearnet websites dedicated to individual victims.
The post Identity Attack Watch: AD Security News, July 2023 appeared first on Semperis.