Security Affairs reports that cloud tenants in the education industry have been targeted by the Storm-1977 threat operation in password spraying attacks that facilitated cryptomining activities during the past 12 months.
Intrusions commenced with the utilization of the command line interface tool AzureChecker.exe to establish a connection with sac-auth[.]nodefunction[.]VIP and download AES-encrypted data that divulged password spray targets upon decryption, according to a report from Microsoft.
With AzureChecker.exe accepting a .txt file with username and password combinations, Storm-1977 was able to exploit a guest account to establish more than 200 cryptomining containers, said Microsoft. Microsoft added that organizations should bolster security defenses for containers, CI/CD pipelines, dependencies, and runtime environments, citing higher odds of account hacking from exposed credentials, image vulnerabilities, API-leaking environment misconfigurations, and app-level intrusions, as well as node-level attacks, pod escapes, and unwanted traffic stemming from inadequate network security.
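For defenders, the two behaviours reported above (one source failing sign-ins across many accounts, then a compromised account creating containers in bulk) can be correlated in logs. The following is an added example, not code from Microsoft or the article; the event field names, the `container.create` operation label, the thresholds and the sample data are all constructed assumptions, and the events are assumed to be already limited to one time window.

```python
from collections import defaultdict

# Constructed sample events (not real log data); field names are assumptions.
SIGNINS = (
    [{"ip": "203.0.113.7", "user": f"student{i}@edu.example", "ok": False}
     for i in range(30)]
    + [{"ip": "203.0.113.7", "user": "guest1@edu.example", "ok": True}]
    + [{"ip": "198.51.100.4", "user": "alice@edu.example", "ok": False}] * 3
    + [{"ip": "198.51.100.4", "user": "alice@edu.example", "ok": True}]
)
ACTIVITY = (
    [{"user": "guest1@edu.example", "op": "container.create"} for _ in range(200)]
    + [{"user": "alice@edu.example", "op": "container.create"} for _ in range(2)]
)

def spray_sources(signins, min_users=20):
    """Map each spraying IP to the accounts it successfully signed in to.

    A spray shows up as failures against many *distinct* users from one
    source, unlike a mistyped password (many failures, one user).
    """
    failed, succeeded = defaultdict(set), defaultdict(set)
    for e in signins:
        (succeeded if e["ok"] else failed)[e["ip"]].add(e["user"])
    return {ip: succeeded[ip] for ip, users in failed.items()
            if len(users) >= min_users}

def container_bursts(activity, accounts, min_creates=50):
    """Count container creations per account, keeping only bulk creators."""
    counts = defaultdict(int)
    for e in activity:
        if e["op"] == "container.create" and e["user"] in accounts:
            counts[e["user"]] += 1
    return {user: n for user, n in counts.items() if n >= min_creates}

def correlate(signins, activity):
    """Return {spray_ip: {account: containers_created}} for likely compromises."""
    hits = {}
    for ip, accounts in spray_sources(signins).items():
        bursts = container_bursts(activity, accounts)
        if bursts:
            hits[ip] = bursts
    return hits

if __name__ == "__main__":
    print(correlate(SIGNINS, ACTIVITY))
```

The user who mistypes a password three times from one address is not flagged, because the failures hit a single account and the later container activity stays below the bulk threshold.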
Cloud Security, Vulnerability Management, Threat Intelligence
Education subjected to Storm-1977 password spraying intrusions
