Microsoft researchers have recently begun to identify attacks in which attackers compromise Azure cloud environments by pivoting from Microsoft SQL Server instances that sit behind web applications already compromised through SQL injection.
The observed attacks start with the exploitation of a SQL injection vulnerability in a web application in the target’s environment. That foothold lets the threat actors run SQL commands against the Microsoft SQL Server instance hosted on an Azure virtual machine, with whatever permissions the application’s database login holds, and extract valuable data. If that login holds elevated permissions (sysadmin on the instance), the attackers can enable and call the ‘xp_cmdshell’ extended stored procedure to execute operating system (OS) commands through SQL, giving them a direct shell on the host (the virtual machine on which SQL Server is installed). xp_cmdshell is disabled by default, but a sysadmin login can switch it on with sp_configure, and commands launched through it run under the SQL Server service account.
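The T-SQL below is an added example, not code from the Microsoft write-up or from any observed attacker. It shows the statements an attacker stacks onto an injected parameter once the application’s login is sysadmin, followed by the queries a defender runs to check and reduce that exposure. The login name [webapp_login] and database name [AppDb] are hypothetical.

```sql
-- Added example (not from the Microsoft write-up). Assumed names:
-- login [webapp_login], database [AppDb].

-- 1. Attacker side. A vulnerable application concatenates user input into
--    SELECT * FROM Products WHERE Name = '<input>'
--    so input of   x'; <statements below>; --   runs them under the app login.
--    xp_cmdshell is off by default; a sysadmin login can turn it on:
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'xp_cmdshell', 1;
RECONFIGURE;
-- Commands now run on the VM as the SQL Server service account:
EXEC master..xp_cmdshell 'whoami';

-- 2. Defender side. Which logins are sysadmin? The app login should not be.
SELECT sp.name, sp.type_desc
FROM sys.server_principals AS sp
WHERE IS_SRVROLEMEMBER('sysadmin', sp.name) = 1;

-- Is xp_cmdshell enabled right now? value_in_use = 1 means yes.
SELECT name, value_in_use
FROM sys.configurations
WHERE name = 'xp_cmdshell';

-- Turn it off and remove the app login's ability to turn it back on.
EXEC sp_configure 'xp_cmdshell', 0;
RECONFIGURE;
ALTER SERVER ROLE sysadmin DROP MEMBER [webapp_login];

-- Least privilege for the application: data access only in its own database
-- (assumes the database user for the login already exists in AppDb).
USE AppDb;
ALTER ROLE db_datareader ADD MEMBER [webapp_login];
ALTER ROLE db_datawriter ADD MEMBER [webapp_login];
```

The two defender queries are the quick check to run against every SQL Server instance reachable from a web application: an application login in sysadmin, or xp_cmdshell already enabled, is the condition the attack chain above depends on. Parameterised queries in the application close the injection itself; the server-side changes limit what an injection can reach if one slips through.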