
Storm-1977 Targets Education Sector Clouds, Deploys Over 200 Crypto Mining Containers

  • Writer: Jhade
  • 2 hours ago

Microsoft has disclosed that a cybercriminal group known as Storm-1977 has been exploiting vulnerabilities in educational cloud environments, executing a widespread attack campaign using a tool called AzureChecker.exe.


According to the Microsoft Threat Intelligence team, Storm-1977 launched password spraying attacks against cloud tenants, primarily targeting the education sector. They utilized AzureChecker, a Command Line Interface (CLI) tool, to automate these attacks, retrieving encrypted target lists from an external server and using credential files to validate access to compromised accounts.


Once access was gained — often through guest accounts — the attackers created resource groups inside compromised subscriptions. In a notable instance, they deployed over 200 containers within a hijacked resource group, specifically for illicit cryptocurrency mining.


Microsoft emphasized the broader risks cloud users face, noting that containerized assets like Kubernetes clusters and container registries are particularly vulnerable. Threats include misuse of compromised credentials, vulnerabilities in container images, and poorly secured management interfaces.


To defend against such attacks, experts recommend securing container deployments, monitoring Kubernetes API activities, enforcing policies against untrusted registries, and regularly scanning images for vulnerabilities.
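As a detection-side illustration of the behaviour described above (a new resource group followed by a burst of container deployments, often from a guest account), here is an added example that is not from Microsoft's report. It assumes the containers appear as Azure Container Instances container-group writes in activity-log records flattened to four fields, treats `#EXT#` in the caller name as the guest marker, and uses constructed sample events and an arbitrary threshold.

```python
from collections import defaultdict
from datetime import datetime, timedelta

RG_WRITE = "Microsoft.Resources/subscriptions/resourceGroups/write"
CG_WRITE = "Microsoft.ContainerInstance/containerGroups/write"  # assumption: ACI

def find_container_bursts(events, threshold=20, window=timedelta(hours=1)):
    """Flag callers that create a resource group and then deploy at least
    `threshold` container groups into it within `window` of its creation."""
    rg_created = {}                   # (caller, rg) -> creation time
    deployments = defaultdict(list)   # (caller, rg) -> container write times
    for e in sorted(events, key=lambda e: e["time"]):
        key = (e["caller"].lower(), e["resourceGroup"].lower())
        if e["operationName"] == RG_WRITE:
            rg_created.setdefault(key, e["time"])
        elif e["operationName"] == CG_WRITE and key in rg_created:
            deployments[key].append(e["time"])
    findings = []
    for key, times in deployments.items():
        count = sum(1 for t in times if t - rg_created[key] <= window)
        if count >= threshold:
            findings.append({"caller": key[0], "resourceGroup": key[1],
                             "containers": count,
                             "guest": "#ext#" in key[0]})  # guest UPN marker
    return findings

def sample_events():
    """Constructed records: one guest burst, one small routine deployment."""
    def ev(t, caller, op, rg):
        return {"time": t, "caller": caller,
                "operationName": op, "resourceGroup": rg}
    t0 = datetime(2025, 1, 1, 3, 0, 0)
    guest = "visitor_example.org#EXT#@school.example"
    admin = "admin@school.example"
    events = [ev(t0, guest, RG_WRITE, "rg-new"),
              ev(t0, admin, RG_WRITE, "rg-lab")]
    events += [ev(t0 + timedelta(seconds=10 * i), guest, CG_WRITE, "rg-new")
               for i in range(1, 201)]
    events += [ev(t0 + timedelta(minutes=i), admin, CG_WRITE, "rg-lab")
               for i in range(1, 4)]
    return events

if __name__ == "__main__":
    for finding in find_container_bursts(sample_events()):
        print(finding)
```

In production the same correlation would run over exported activity logs, with the threshold tuned to the tenant's normal deployment volume.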


This incident is a fresh reminder that as organizations increasingly migrate to cloud services, robust security practices are no longer optional — they are essential.

