Identity Attack Watch: AD Security News, July 2023

Semperis Research Team

As cyberattacks targeting Active Directory continue to rise, AD security, identity, and IT teams face mounting pressure to monitor the evolving AD-focused threat landscape. To assist IT professionals in comprehending and preventing attacks that involve AD, the Semperis Research Team publishes a monthly roundup of recent cyberattacks. In this month’s roundup, the MOVEit exploitation attacks claim more victims, Microsoft reports email account breaches that involved a stolen Azure AD enterprise signing key, and both BlackCat and Clop claim attacks on beauty company Estée Lauder.

Chinese cybercriminals use stolen Azure AD signing key to compromise email accounts

Microsoft reported that a Chinese cyber-espionage group called Storm-0558 used a stolen Azure AD enterprise signing key to breach the email accounts of about 25 organizations, reportedly including the U.S. State and Commerce Departments.

Deutsche Bank, Maximus and Colorado State join MOVEit breach victim list

U.S. government services contractor Maximus, Deutsche Bank, and Colorado State University were three of the most recent victims reporting their data was compromised in the recent MOVEit Transfer data-theft attacks. Clop ransomware group exploited a zero-day flaw in the file transfer application to breach companies worldwide, including Virginia insurance provider Genworth Financial and the California Public Employees’ Retirement System (CalPERS). Clop’s attack methods include targeting the victim’s entire network by compromising the Active Directory (AD) server and dropping malware.

ALPHV/BlackCat and Clop claim attacks on beauty company Estée Lauder

Both ALPHV/BlackCat and Clop took credit for cyberattacks on beauty giant Estée Lauder Companies, with Clop reportedly gaining access through the MOVEit Transfer vulnerability. BlackCat complained that the company refused to engage in negotiations, then released an API for their leak site in an effort to increase visibility for their attacks and put more pressure on victims to pay a ransom, a tactic that Clop soon copied by creating Internet-hosted websites dedicated to specific victims.

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

Semperis Extends ML-Based Attack Detection with Specialized Identity Risk Focus

Semperis Wins CRN’s Prestigious Partner Program Guide Two Consecutive Years

The CISO's Take on Identity-First Security featuring Simon Hodgkinson

Semperis Named to Inc. Magazine’s Annual List of Best Workplaces for Third Consecutive Year

Identity Attack Watch: AD Security News, July 2023

Chinese cybercriminals use stolen Azure AD signing key to compromise email accounts

Deutsche Bank, Maximus and Colorado State join MOVEit breach victim list

ALPHV/BlackCat and Clop claim attacks on beauty company Estée Lauder

More resources

New Forrester TEI Report: Semperis Slashes Downtime by 90%, Saving Customers Millions

Semperis Extends ML-Based Attack Detection with Specialized Identity Risk Focus

Semperis Wins CRN’s Prestigious Partner Program Guide Two Consecutive Years

The CISO's Take on Identity-First Security featuring Simon Hodgkinson

Semperis Named to Inc. Magazine’s Annual List of Best Workplaces for Third Consecutive Year

Identity Attack Watch: AD Security News, July 2023

Chinese cybercriminals use stolen Azure AD signing key to compromise email accounts

Deutsche Bank, Maximus and Colorado State join MOVEit breach victim list

ALPHV/BlackCat and Clop claim attacks on beauty company Estée Lauder

More resources

Sign Up for the Latest Semperis News