Attackers compromised an Azure administrator account without MFA to exploit Azure Batch for cryptocurrency mining. They created batch accounts, requested quota increases through Microsoft support, and deployed Ubuntu pools with malicious start tasks that downloaded scripts from GitHub. These scripts installed Docker and ran
Table of contents
Introduction
Background
Attacker’s action
Conclusion
Appendix A - ba.sh
Appendix B - 00ca23e288f0686e5721b097f9617e2a05ad84508e84f0c27dee2c97261ae0a1.json