Azure VMs Under Siege: Cybercriminals Exploit SQL Servers as Backdoors

Innovative Cyber Threat Targets Azure Infrastructure

Subsequently, the attackers aim to access the Instance Metadata Service (IMDS) by exploiting the cloud identity of the SQL Server instance. This tactic yields a cloud identity access key, providing a gateway into the Azure VM.
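One way to detect the step described above, as an added example that is not from the original article or Microsoft's research: it flags any process descending from `sqlservr.exe` whose command line requests a managed-identity token from IMDS. The event field names and the sample events are constructed for illustration; the address 169.254.169.254 and the token path are Azure's documented IMDS endpoint.

```python
import re

# Azure's documented IMDS address and managed-identity token path.
IMDS_TOKEN_RE = re.compile(r"169\.254\.169\.254\S*/metadata/identity", re.I)
SQL_SERVER_IMAGE = "sqlservr.exe"

TOKEN_URL = ("http://169.254.169.254/metadata/identity/oauth2/token"
             "?api-version=2018-02-01&resource=https://management.azure.com/")

# Constructed process-creation events; field names are hypothetical.
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\MSSQL\Binn\sqlservr.exe",
     "cmdline": "sqlservr.exe -sMSSQLSERVER"},
    {"pid": 200, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c powershell.exe"},
    {"pid": 300, "ppid": 200, "image": r"C:\Windows\System32\powershell.exe",
     "cmdline": f"powershell.exe Invoke-RestMethod -Uri '{TOKEN_URL}'"},
    # Same request from a process unrelated to SQL Server (e.g. a VM agent).
    {"pid": 400, "ppid": 4, "image": r"C:\Agent\monitor.exe",
     "cmdline": f"monitor.exe --token-url {TOKEN_URL}"},
    {"pid": 500, "ppid": 100, "image": r"C:\Windows\System32\cmd.exe",
     "cmdline": "cmd.exe /c dir"},
]


def descends_from_sql_server(pid, by_pid):
    """Walk the parent chain from pid; True if any ancestor is sqlservr.exe."""
    seen = set()  # guards against loops in malformed telemetry
    while pid in by_pid and pid not in seen:
        seen.add(pid)
        if by_pid[pid]["image"].lower().endswith(SQL_SERVER_IMAGE):
            return True
        pid = by_pid[pid]["ppid"]
    return False


def find_imds_token_requests(events):
    """Return PIDs of SQL Server descendants that query the IMDS token path."""
    by_pid = {e["pid"]: e for e in events}
    return [e["pid"] for e in events
            if IMDS_TOKEN_RE.search(e["cmdline"])
            and descends_from_sql_server(e["ppid"], by_pid)]


if __name__ == "__main__":
    print(find_imds_token_requests(SAMPLE_EVENTS))
```

The ancestry walk assumes events from a single host with no PID reuse inside the window being analysed.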

While Microsoft’s researchers noted that the attackers they observed faced difficulties in completing their mission, this novel approach remains a “valid” threat and poses a significant danger to organizations worldwide. The final step in the attack involves erasing all traces of its existence.