Summary: Microsoft has reported that the threat actor known as Storm-1977 has been conducting password spraying attacks against educational cloud tenants, using the AzureChecker.exe tool to carry them out. The actors exploit compromised guest accounts to create unauthorized resource groups for malicious purposes, including cryptocurrency mining. To combat these threats, Microsoft emphasizes the need for organizations to strengthen the security of their cloud containers and monitor for suspicious activity.
Affected: Educational Sector Cloud Tenants
Keypoints:
- Storm-1977 has targeted the education sector with password spraying attacks over the past year.
- The AzureChecker.exe tool connects to an external server to retrieve AES-encrypted data for attack execution.
- Successful compromises can lead to unauthorized resource creation and illicit cryptocurrency mining.
- Containers are vulnerable to various types of attacks, including compromised cloud credentials and misconfigurations.
- Organizations should secure container environments and monitor API requests to prevent such attacks.
Source: https://thehackernews.com/2025/04/storm-1977-hits-education-clouds-with.html
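
A detection sketch for the activity summarized above, added here as an example and not taken from Microsoft or the source article: it flags a source that fails sign-in against many distinct accounts in a short window, then lists resource groups created by accounts that signed in successfully from that source. The event tuples, action names, addresses and thresholds are constructed assumptions, not a real log schema.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events: (time, action, source IP, account, detail).
# The field layout and action names are assumptions, not a real log schema.
EVENTS = [
    ("2025-04-01T10:00:05", "signin_fail", "203.0.113.7", "alice@school.example", None),
    ("2025-04-01T10:00:40", "signin_fail", "203.0.113.7", "bob@school.example", None),
    ("2025-04-01T10:01:15", "signin_fail", "203.0.113.7", "carol@school.example", None),
    ("2025-04-01T10:01:50", "signin_fail", "203.0.113.7", "dave@school.example", None),
    ("2025-04-01T10:02:20", "signin_ok", "203.0.113.7", "guest1@partner.example", None),
    ("2025-04-01T10:09:00", "rg_create", "203.0.113.7", "guest1@partner.example", "rg-constructed-01"),
    # Benign: one user mistyping their own password, then succeeding.
    ("2025-04-01T11:00:00", "signin_fail", "198.51.100.9", "erin@school.example", None),
    ("2025-04-01T11:00:20", "signin_fail", "198.51.100.9", "erin@school.example", None),
    ("2025-04-01T11:00:45", "signin_ok", "198.51.100.9", "erin@school.example", None),
]

def ts(s):
    return datetime.fromisoformat(s)

def detect_spray(events, min_accounts=4, window=timedelta(minutes=10)):
    """Map source IP -> accounts, for sources failing against many distinct accounts in one window."""
    fails = defaultdict(list)
    for t, action, ip, user, _ in events:
        if action == "signin_fail":
            fails[ip].append((ts(t), user))
    flagged = {}
    for ip, attempts in fails.items():
        attempts.sort()
        start = 0
        for end in range(len(attempts)):
            while attempts[end][0] - attempts[start][0] > window:
                start += 1  # slide the window forward
            users = {u for _, u in attempts[start:end + 1]}
            if len(users) >= min_accounts:
                flagged.setdefault(ip, set()).update(users)
    return flagged

def follow_on(events, flagged):
    """Accounts that signed in from a flagged source, and resource groups they created afterwards."""
    first_ok = {}
    for t, action, ip, user, _ in events:
        if action == "signin_ok" and ip in flagged:
            first_ok[user] = min(ts(t), first_ok.get(user, ts(t)))
    created = [(user, detail) for t, action, _, user, detail in events
               if action == "rg_create" and user in first_ok and ts(t) >= first_ok[user]]
    return sorted(first_ok), created
```

Counting distinct accounts per source, rather than total failures, is what keeps the repeated failures of a single user out of the result.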