Azure Misconfiguration Lets Attackers Take Over Cloud Infrastructure


A recent security analysis has revealed how a chain of misconfigurations in Microsoft Azure can allow attackers to gain complete control over an organization’s cloud infrastructure, from initial access to full tenant takeover.

The attack path, demonstrated using real-world tools and PowerShell scripts, highlights the urgent need for organizations to harden their Azure deployments and monitor for suspicious activity, as per a report by ITM8.

How the Attack Unfolds

The attack begins with an unauthenticated adversary performing reconnaissance. Using open-source tools like MicroBurst, attackers enumerate Azure subdomains and search for publicly exposed storage accounts.

In this case, a storage account named adsikkerhed was found with a container allowing public access to a CSV file containing Azure Active Directory (AAD) user credentials:

Invoke-WebRequest "https://adsikkerhed.blob.core.windows.net/files/test.csv" -OutFile .\output\test.csv
Get-Content .\output\test.csv
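
The exposure described above can be checked for from the defender's side. The following is an added example, not code from the ITM8 report or the original article: it audits every storage account in the current subscription for containers that permit anonymous access. It assumes the Az.Accounts and Az.Storage modules, an existing Connect-AzAccount session with rights to read the accounts and list their containers, and a hypothetical report path in $ReportPath.

```powershell
# Added example: list blob containers that allow anonymous (public) access.
# Assumptions: Az.Accounts + Az.Storage installed, Connect-AzAccount already run.
$ReportPath = '.\public-containers.csv'   # hypothetical output location

$findings = foreach ($account in Get-AzStorageAccount) {
    # Conservative assumption: anything other than an explicit $false
    # is treated as "public access not disabled at account level".
    $accountAllowsPublic = $account.AllowBlobPublicAccess -ne $false

    try {
        $containers = Get-AzStorageContainer -Context $account.Context -ErrorAction Stop
    }
    catch {
        # Firewalled account or missing permissions: record it instead of skipping silently.
        [pscustomobject]@{
            StorageAccount      = $account.StorageAccountName
            ResourceGroup       = $account.ResourceGroupName
            Container           = '<could not enumerate>'
            ContainerAccess     = 'Unknown'
            AccountAllowsPublic = $accountAllowsPublic
            AnonymouslyReadable = $null
        }
        continue
    }

    foreach ($container in $containers) {
        # Compare as a string so both SDK spellings of "no public access" are handled.
        $access = "$($container.PublicAccess)"
        if ($access -and $access -notin @('Off', 'None')) {
            [pscustomobject]@{
                StorageAccount      = $account.StorageAccountName
                ResourceGroup       = $account.ResourceGroupName
                Container           = $container.Name
                ContainerAccess     = $access
                AccountAllowsPublic = $accountAllowsPublic
                # A container is only reachable anonymously if the account allows it too.
                AnonymouslyReadable = $accountAllowsPublic
            }
        }
    }
}

$findings | Sort-Object StorageAccount, Container | Format-Table -AutoSize
$findings | Export-Csv -Path $ReportPath -NoTypeInformation
```

Any row with AnonymouslyReadable set to True is readable without credentials; public access can be turned off for the whole account with Set-AzStorageAccount -AllowBlobPublicAccess $false, or per container with Set-AzStorageContainerAcl -Permission Off.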

With valid credentials in hand ...


Copyright of this story solely belongs to gbhackers.