Cybercriminals are storing malicious content, including malware and C2 servers, on Microsoft’s Azure cloud services.
In one incident nearly 200 websites showing tech support scams were hosted on the platform, according to a Bleeping Computer blog post.
In another incident, threat actors used Azure to host a phishing template for Office 365, which could have resulted in a potentially convincing and successful attack considering that both are Microsoft products.
AppRiver researcher David Picket said that Azure is not currently detecting the malicious software on Microsoft servers although he noted Windows Defender would kick in and block malicious files if users tried to download them on the machine.
“Once running, this malicious agent generates XML SOAP requests every two minutes to check-in and receive commands from the malicious actors Azure command and control site at: systemservicex[.]azurewebsites[.]net/data[.]asmx,” Picket said.
Microsoft has not responded to SC’s request for comment.
Gloss