Attackers targeted a vulnerable Microsoft SQL server in an attempt to facilitate further compromise of the cloud environment, as part of an unsuccessful campaign, according to The Hacker News.
Initial exploitation of an SQL injection bug enabled threat actors to gain access and privileges on an Azure Virtual Machine-based SQL server, a report from Microsoft Threat Intelligence researchers revealed. The new permissions were then used to exploit the server's cloud identity and allow lateral movement to other resources. Attackers were also able to run operating system commands to enable reconnaissance, the downloading of executables and PowerShell scripts, and persistence efforts, although the intrusion was thwarted by an unspecified error, researchers reported. "Not properly securing cloud identities can expose SQL Server instances and cloud resources to similar risks. This method provides an opportunity for the attackers to achieve greater impact not only on the SQL Server instances but also on the associated cloud resources," said researchers.