Microsoft removes 18 Chinese hacker apps from Azure
Microsoft removes 18 Chinese
Microsoft has removed from its Azure portal 18 Azure Active Directory applications that were developed and used by the Chinese cybercriminal group Gadolinium (also known as APT40 or Leviathan). The programs were removed in April this year.
Azure apps were used as part of a malware campaign in 2020 that Microsoft described as “particularly difficult” to detect due to the multi-stage infection process and the widespread use of PowerShell payloads.
The attacks began with targeted phishing, in which criminals sent malicious emails to organizations, usually containing COVID-19-themed
According to Microsoft, the hackers used malware on infected computers to install one of 18 Azure AD applications. The role of these applications was to automatically configure the victim’s endpoint “with the permissions required to steal and send
In addition to removing malicious apps, Microsoft has also been working on removing the GitHub account that the same Gadolinium group used in their attacks in 2018. also These actions will prevent criminals from reusing the same account for other potential attacks in the future.