Azure Sentinel News
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
  • Home
    • Home – Layout 1
    • Home – Layout 2
    • Home – Layout 3
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence
No Result
View All Result
Azure Sentinel News
No Result
View All Result
Home Threat Intelligence

Making buildings smarter with Azure IoT

Azure Sentinel News Editor by Azure Sentinel News Editor
November 25, 2020
in Threat Intelligence
0
ThreatConnect integrates its TIP and SOAR platform with Microsoft Graph Security API
2.7kViews
202 Shares Share on Facebook Share on Twitter

Microsoft suspends 18 Azure accounts tied to China-based hackers

Microsoft has suspended 18 Azure Active Directory applications on its Cloud infrastructure that were being used by a Chinese nation-state actor to execute their attacks.

Microsoft has suspended 18 Azure Active Directory applications on its Cloud infrastructure that were being used by a Chinese nation-state actor to execute their attacks. The apps were part of the malicious command and control infrastructure by Gadolinium – China-based nation-state activity group that has been compromising targets for nearly a decade with a worldwide focus on the maritime and health industries.

As with most threat groups, Gadolinium tracks the tools and techniques of security practitioners looking for new techniques they can use or modify to create new exploit methods, according to Ben Koehl from Microsoft Threat Intelligence Centre (MSTIC).

Gadolinium uses cloud services and open source tools to enhance weaponization of their malware payload, attempt to gain command and control all the way to the server, and to obfuscate detection.

“These attacks were delivered via spear-phishing emails with malicious attachments and detected and blocked by Microsoft Defender, formerly Microsoft Threat Protection (MTP), and able to be detected using Azure Sentinel,” Microsoft said.

Recently, Microsoft observed newly expanded targeting outside of those sectors to include the Asia Pacific region and other targets in higher education and regional government organisations.

“Gadolinium has been experimenting with using cloud services to deliver their attacks to increase both operation speed and scale for years,” the tech giant said in a blog post this week.

Two of the most recent attack chains in 2019 and 2020 were delivered from Gadolinium using similar tactics and techniques.

Gadolinium used several different payloads to achieve its exploitation or intrusion objectives including a range of PowerShell scripts to execute file commands to potentially exfiltrate data.

In mid-April 2020, Gadolinium actors were detected sending spear-phishing emails with malicious attachments. The filenames of these attachments were named to appeal to the target’s interest in the Covid-19 pandemic.

The Gadolinium uses an Azure Active Directory application to configure a victim endpoint with the permissions needed to exfiltrate data to the attacker’s own Microsoft OneDrive storage.

“Gadolinium will no doubt evolve their tactics in pursuit of its objectives. As those threats target Microsoft customers, we will continue to build detections and implement protections to defend against them,” Microsoft said.

Reference: https://www.indiatvnews.com/technology/news-microsoft-suspends-18-azure-accounts-tied-to-china-based-hackers-652351

Azure Sentinel News Editor

Azure Sentinel News Editor

Related Posts

With new release, CrowdStrike targets Google Cloud, Azure and container adopters
Threat Intelligence

Tips for Parsing Syslog to Azure Sentinel

December 31, 2020
CRITICALSTART Adds Support for Microsoft Azure Sentinel to MDR Services
Threat Intelligence

Locate all the Preview Goodies in Your Azure Sentinel Console

December 30, 2020
Microsoft is quietly becoming a cybersecurity powerhouse
Threat Intelligence

How to Prohibit an Azure Sentinel Analyst from Editing a Playbook

December 29, 2020
Next Post
O365 & AAD Multi-Tenant Custom Connector – Azure Sentinel

Looking Back at Microsoft Ignite 2019 - Tech Intensity, End to End Security and AI

Watching the Watchers: Monitoring Azure Sentinel Query Activity for Malicious Activity.

Securing Remote Virtual Machines Using Azure Bastion

Insight Recognized as a Microsoft Security 20/20 Partner Award Winner for Azure Security Deployment Partner of the Year

Remote State Management with Terraform Cloud

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Follow Us

  • 21.8M Fans
  • 81 Followers

Recommended

KPMG Announces New Security Offering For Microsoft Azure Sentinel

KPMG Announces New Security Offering For Microsoft Azure Sentinel

4 months ago
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

How to Evolve the SOC with Azure Sentinel: Hunting Queries

2 months ago
Microsoft and Docker collaborate on new ways to deploy containers on Azure

SolarWinds Post-Compromise Hunting with Azure Sentinel

3 months ago
What’s new: Microsoft Teams connector in Public Preview

How to Connect the New Intune Devices Log Azure Sentinel

1 month ago

Instagram

    Please install/update and activate JNews Instagram plugin.

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

Topics

anomaly automation Azure Azure DevOps Azure Security Center Azure Sentinel Azure Sentinel API Azure Sentinel Connector BlueVoyant Call cybersecurity Detection file GitHub Hunting Huntingy IAC incident response Incident Triage infrastructure as code Investigation jupyter LAQueryLogs MDR Microsoft microsoft 365 mssp Multitenancy Notebooks Pester Playbooks PowerShell python Records Security Sentinel Sharing SIEM signin Supply Chain teams Threat hunting Watchlists Workbooks XDR
No Result
View All Result

Highlights

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

New Items of Note on the Azure Sentinel GitHub Repo

Tuning the MCAS Analytics Rule for Azure Sentinel: System Alerts and Feature Deprecation

New Search Capability for Azure Sentinel Incidents

Follow-up: Microsoft Tech Talks Practical Sentinel : A Day in the Life of a Sentinel Analyst

Changes in How Running Hunting Queries Works in Azure Sentinel

Trending

What’s new: Microsoft Teams connector in Public Preview
AI & ML

Azure Sentinel Weekly Newsletter

by Azure Sentinel News Editor
March 1, 2021
0

I’ve sensed this for a while now, but a few days ago it really hit me —...

What’s new: Microsoft Teams connector in Public Preview

How to Generate Azure Sentinel Incidents for Testing

February 26, 2021
What’s new: Microsoft Teams connector in Public Preview

Azure Sentinel Notebooks Loses It’s Preview Tag

February 25, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

The Holy Grail of Azure Sentinel Data Connections: The Azure Service Diagnostic Setting

February 22, 2021
Microsoft’s newest sustainable datacenter region coming to Arizona in 2021

New Items of Note on the Azure Sentinel GitHub Repo

February 18, 2021

We bring you the best, latest and perfect Azure Sentinel News, Magazine, Personal Blogs, etc. Visit our landing page to see all features & demos.
LEARN MORE »

Recent News

  • Azure Sentinel Weekly Newsletter March 1, 2021
  • How to Generate Azure Sentinel Incidents for Testing February 26, 2021
  • Azure Sentinel Notebooks Loses It’s Preview Tag February 25, 2021

Categories

  • AI & ML
  • Artificial Intelligence
  • Incident Response
  • IR
  • KQL
  • Security and Compliance
  • Security Ochestration & Automated Response
  • Security Operations
  • SIEM
  • SOAR
  • SOC
  • Threat Intelligence
  • Uncategorized

[mc4wp_form]

Copyright © 2020 - Azure Sentinel News

No Result
View All Result
  • Home
  • Security and Compliance
  • SOC
  • Threat Intelligence
  • Security Ochestration & Automated Response
  • SOAR
  • Security Operations
  • Artificial Intelligence

Copyright © 2020 Azure Sentinel News