Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers

Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks against cloud tenants in the education sector over the past year.
"The attack involves the use of AzureChecker.exe, a command-line interface (CLI) tool that is being used by a wide range of threat actors," the company said in an analysis.
The tech giant noted that it observed the binary connecting to an external server named "SAC-NOTEFUNCTION[.]VIP" to retrieve AES-encrypted data that contains a list of password spray targets.
The tool also accepts as input a text file called "Accounts.txt" that includes the username and password combinations to be used to carry out the password spray attack.
"The threat actor then used the information from both files and posted the credentials to the target tenants for validation," Microsoft said.
In one successful instance of account compromise observed by Redmond, the threat actor is said to have taken advantage of a guest account to create a resource group within the compromised subscription.
The attackers then created more than 200 containers inside the resource group with the ultimate goal of conducting illicit cryptocurrency mining.
Microsoft said containerized assets, such as Kubernetes clusters, container registries, and images, are susceptible to various types of attacks, including using:
- Cloud credentials to facilitate cluster takeover
- Container images with vulnerabilities and misconfigurations to carry out malicious actions
- Misconfigured management interfaces to gain access to the Kubernetes API, deploy malicious containers, or hijack the entire cluster
- Nodes that run on vulnerable code or software
To mitigate such malicious activities, organizations are advised to secure container deployment and runtime, monitor unusual API requests, configure policies to prevent containers from being deployed from untrusted registries, and ensure that the images being deployed in containers are free of vulnerabilities.
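
One way to implement the untrusted-registry check from the mitigation advice above, as an added example that is not from Microsoft or the original article. The registry name `contoso.azurecr.io`, the image names, and the pod spec are constructed placeholders; the code resolves the registry host using Docker's image-reference convention and compares it exactly, next to a prefix match that a look-alike hostname passes.

```python
# Added example: registry allowlist check for container image references.
# ALLOWED_REGISTRIES and every image name below are constructed placeholders.
ALLOWED_REGISTRIES = {"contoso.azurecr.io"}  # hypothetical trusted registry
DEFAULT_REGISTRY = "docker.io"  # implied when an image reference names no host


def registry_of(image: str) -> str:
    """Return the registry host of an image reference, lowercased.

    Docker convention: the first path component is a registry only if it
    contains '.' or ':' or equals 'localhost'; otherwise the reference is
    a Docker Hub shorthand such as 'nginx' or 'someuser/app'.
    """
    first, sep, _rest = image.strip().partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first.lower()
    return DEFAULT_REGISTRY


def is_allowed(image: str) -> bool:
    # Exact host match (including any port), never a substring or prefix test.
    return registry_of(image) in ALLOWED_REGISTRIES


def naive_is_allowed(image: str) -> bool:
    # Weak form, shown for contrast: a prefix match accepts look-alike hosts.
    return any(image.startswith(r) for r in ALLOWED_REGISTRIES)


def untrusted_images(pod_spec: dict) -> list:
    """Return images in a pod spec that do not come from an allowed registry."""
    found = []
    for key in ("containers", "initContainers", "ephemeralContainers"):
        for container in pod_spec.get(key) or []:
            image = container.get("image", "")
            if not is_allowed(image):
                found.append(image)
    return found


# Constructed pod spec: one trusted image, one Docker Hub shorthand,
# and one look-alike host that the prefix check would wrongly accept.
SAMPLE_POD_SPEC = {
    "initContainers": [{"name": "init", "image": "contoso.azurecr.io.example.net/tools:1"}],
    "containers": [
        {"name": "web", "image": "contoso.azurecr.io/web@sha256:" + "0" * 64},
        {"name": "worker", "image": "someuser/worker:latest"},
    ],
}

if __name__ == "__main__":
    for image in untrusted_images(SAMPLE_POD_SPEC):
        print("deny:", image)
```

In a cluster, this decision belongs in an admission controller or policy engine so that it is applied before a pod is scheduled.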