Stratos Ally

Protect Your Azure Account: TP-Link Routers Under Threat  


StratosAlly


Envision going to sleep and, upon awakening, finding that a silent, unseen incursion has been under way inside one of the cloud platforms many people use today. Microsoft recently raised the alarm about a massive, covert cyberattack on its Azure accounts. The attackers were hackers allegedly backed by the Chinese government. Their weapon was a botnet of over 16,000 compromised devices, primarily TP-Link routers scattered across the globe. These hijacked devices are working together to carry out “password-spraying” attacks, where login attempts are spread across countless accounts, slipping under the radar without triggering alarms. It is a silent storm that has been brewing right under our noses for more than a year.  

Imagine trying to guess a friend’s password on their phone. Instead of trying every password combination on just one device (which would quickly raise suspicions), you try different guesses across multiple devices. Each device only attempts a few logins, but with thousands of devices working together, the chances of success skyrocket. That is essentially what is happening here on a massive scale.  
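The effect described above can be seen from the defender's side in sign-in logs. The following is an added example, not code from the article or from Microsoft: it runs a per-source failure threshold and an aggregate check over constructed sign-in records. The field layout, thresholds and function names are assumptions chosen for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed sign-in records: (minute, source_ip, account, succeeded)."""
    events = []
    for i in range(40):  # 40 sources, each failing once against 2 accounts
        for j in range(2):
            events.append((i, f"203.0.113.{i + 1}", f"user{2 * i + j:03d}@example.com", False))
    for m in range(3):  # benign: one user mistypes three times, then succeeds
        events.append((m, "198.51.100.7", "alice@example.com", False))
    events.append((3, "198.51.100.7", "alice@example.com", True))
    return events

def per_ip_alerts(events, max_failures=5):
    """Per-source rule: flag any IP with more than max_failures failed logins."""
    fails = defaultdict(int)
    for _, ip, _, ok in events:
        if not ok:
            fails[ip] += 1
    return sorted(ip for ip, n in fails.items() if n > max_failures)

def spray_windows(events, window=60, min_accounts=50, min_sources=20, max_per_source=2):
    """Aggregate rule: flag windows where many accounts fail from many quiet sources."""
    buckets = defaultdict(list)
    for minute, ip, acct, ok in events:
        if not ok:
            buckets[minute // window].append((ip, acct))
    flagged = []
    for w, rows in sorted(buckets.items()):
        per_ip = defaultdict(int)
        for ip, _ in rows:
            per_ip[ip] += 1
        # "Quiet" sources stay under any per-IP threshold on their own.
        quiet = {ip for ip, n in per_ip.items() if n <= max_per_source}
        accounts = {acct for ip, acct in rows if ip in quiet}
        if len(quiet) >= min_sources and len(accounts) >= min_accounts:
            flagged.append((w, len(quiet), len(accounts)))
    return flagged

if __name__ == "__main__":
    sample = build_sample()
    print("per-IP alerts:", per_ip_alerts(sample))
    print("spray windows (window, sources, accounts):", spray_windows(sample))
```

The per-source rule reports nothing because no single address exceeds its limit, while the aggregate rule flags the window in which 40 low-volume sources failed against 80 distinct accounts.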

The botnet, first discovered in October 2023 and nicknamed Botnet-7777 by researchers, is referred to by Microsoft as CovertNetwork-1658. The network has shrunk to around 8,000 active devices, but it still presents a big risk. It lets attackers test many passwords, making it more likely that they will break into Azure accounts. A Chinese hacking group, Storm-0940, uses this network to go after essential groups. Their targets include think tanks, law firms, and government offices across the globe.  

Once inside an Azure account, hackers do not just stop. They use their access to spread deeper into the company’s network. They steal sensitive information and create backdoors to get back in later. Microsoft cautions that, without safeguards in place, these attacks could affect organizations worldwide and might harm crucial data and ongoing work.  

For the security of your Azure account, it is advisable to create a strong, unique password and enable Multi-Factor Authentication (MFA). You can liken MFA to an additional lock on your account on top of your password: it requires another form of identification, such as a code sent to your phone, to log in. That way, even if an adversary were to guess your password successfully, they would be unable to gain entry without the second step. These are very simple measures to take, but they can be very effective in protecting your account from sophisticated attacks such as those run through CovertNetwork-1658, giving you a better shield against the risks of cyberspace.
