Storm-1977 Hits Education Clouds with AzureChecker, Deploys 200+ Crypto Mining Containers
Apr 27, 2025
Kubernetes / Cloud Security
 Microsoft has revealed that a threat actor it tracks as Storm-1977 has conducted password spraying attacks  against cloud tenants in the education sector over the past year.  "The attack involves the use of AzureChecker.exe, a Command Line Interface (CLI) tool that is being used by a wide range of threat actors," the Microsoft Threat Intelligence team said  in an analysis.  The tech giant noted that it observed the binary to connect to an external server named "sac-auth.nodefunction[.]vip" to retrieve an AES-encrypted data that contains a list of password spray targets.    The tool also accepts as input a text file called "accounts.txt" that includes the username and password combinations to be used to carry out the password spray attack.  "The threat actor then used the information from both files and posted the credentials to the target tenants for validation," Microsoft said.   In one successful instance of account compromise observed by Redm...