Microsoft says it disrupted operations of a nation-state threat group that was using its Azure cloud infrastructure for cyber attacks. Microsoft refers to the actor by the name Gadolinium and says it has been active for about a decade, targeting organizations in the maritime and health industries; more recently, the hackers expanded their focus to higher education and regional government entities. Earlier this year, in April, the company removed the 18 Azure Active Directory applications the group used for its command and control infrastructure. These were part of the actor's custom version of the PowerShell Empire post-exploitation toolkit, which enabled them to deploy malicious modules on a compromised computer.
Source: https://www.bleepingcomputer.com/news/security/microsoft-disrupts-nation-state-hacker-op-using-azure-cloud-service/