News

Supply chain attacks are all the rage right now (although certainly not new). These attacks are part of what appears to be a multi-pronged shift in the threat landscape. While attacks on the endpoint and users are still happening, we are also seeing expanded efforts in targeting edge devices, networking equipment, and an increased focus on open-source repositories. Recently a new campaign was discovered that is leveraging open-sourced software supply chain attacks in an effort to target the banking sector.

After a recent attack on Federal Civilian Execute Branch (FCEB) Agencies by an APT (Advanced Persistent Threat) group currently suspected of being a nation-state group from China, (whew that was a long start), It has come to the attention of some cloud researchers that these signing keys are not just useful for attacking Exchange Online. According to cloud security company Wiz these MSA Keys can be used to forge tokens for anything that relies on Microsoft Azure AD (Entra ID) Identity services.

Last week Microsoft, the FBI, and CISA made disclosed several attacks on Federal Civilian Executive Branch agencies and other targets of a campaign that appeared to be driven by a new threat group out of China. The attack we detected and tracked down using internal logging available to the GCC low-side tenants and with the help of Microsoft. Fortunately, GCC (Government Cloud Computing) Low Side is not supposed to contain or pass any classified information. It is intended to be used by government agencies and contractors that do not need or have authorization to access anything more than routine sensitive information. This does not reduce the seriousness of the attack and does beg the question on how well the tenants were secured by the cybersecurity teams involved, but at least nothing National Security related was compromised.

The UEFI (Unified Extensible Framework Interface) was the replacement for the old BIOS (Basic Input Output System). It was intended as an improvement to the underlying systems on a motherboard (also called mainboard) the motherboard controls communication between all components connected to it from CPUs, to memory, to GPUs, disk or solid-state drives, network cards… you get the picture. The old BIOS was limited and also susceptible to compromise in a number of rather simple ways. By moving to UEFI systems could become more complex without issues potential hardware conflicts, the UEFI structure was also much faster than the BIOS system meaning that as overall computing increased in speed the underlying controls for different components was up to the task.