Security researchers have discovered a malware campaign that leverages Microsoft Azure Functions to host its command and control (C2) infrastructure. By abusing a legitimate cloud service, attackers are able to mask their activity, evade traditional security defenses, and maintain persistence within targeted environments.
Azure Functions, which allow developers to run lightweight applications without managing servers, have become a favorite channel for threat actors. The malware uses these functions as a communication pathway, making malicious traffic look like normal cloud usage. This complicates detection since many enterprises already trust Microsoft cloud platforms.
Once deployed, the malware permits remote command execution, sensitive data exfiltration, and lateral movement across enterprise networks. Using cloud-native services also lets attackers scale operations quickly and abandon infrastructure with minimal cost, making attribution and takedown much harder.
Industries at Risk
- Finance
- Healthcare
- Education
- Technology
These industries often depend heavily on Azure-based services for daily operations and cloud workloads. They are especially vulnerable when visibility, monitoring, or cloud security posture is weak.
What You Should Do
- Increase visibility into cloud workloads and monitor Azure Functions usage
- Strengthen access controls for cloud functions and enforce least privilege
- Deploy advanced threat detection that can spot anomalies even in trusted platforms
- Audit cloud logs for unusual behavior in serverless or function-based components
- Include cloud service abuse scenarios in incident response planning
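As an added illustration of the monitoring and log-audit recommendations above (this is not the article's or any vendor's code), the script below reads egress-proxy log lines, keeps only connections to hosts under the default Azure Functions suffix `.azurewebsites.net`, and flags internal hosts whose check-ins to one function endpoint arrive at near-identical intervals, the timer-driven pattern a C2 implant produces and interactive use does not. The log format, the IP addresses, the hostnames and the allowlist of known Azure consumers are all constructed for the example; the `.azurewebsites.net` suffix is Azure's real default, but function apps can sit behind custom domains, so treat the suffix filter as a starting point rather than a complete inventory.

```python
"""Spot beacon-like traffic to Azure Functions endpoints in egress logs.

Added example for the article above, not the article's or any vendor's
code. Log format, hostnames, IP addresses and the allowlist are constructed.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime

# Azure Functions apps are served from <app>.azurewebsites.net by default.
AZURE_FUNC_SUFFIX = ".azurewebsites.net"

# Assumption: an asset inventory lists internal hosts that are expected to
# call Azure Functions (here, a scheduled billing integration job).
KNOWN_AZURE_CONSUMERS = {"10.0.0.5"}

# Constructed egress-proxy format: one outbound connection per line.
LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) src=(?P<src>\S+) "
    r"dst_host=(?P<host>\S+) bytes_out=(?P<bytes>\d+)$"
)

# Constructed sample: 10.0.0.42 checks in every ~60 s (beacon), 10.0.0.9 is
# bursty human use, 10.0.0.5 is a known scheduled consumer on a 300 s timer.
SAMPLE_LOG = """\
2024-05-01T10:00:00Z src=10.0.0.42 dst_host=contoso-func-7f3a.azurewebsites.net bytes_out=412
2024-05-01T10:00:00Z src=10.0.0.5 dst_host=billing-sync.azurewebsites.net bytes_out=9120
2024-05-01T10:00:05Z src=10.0.0.9 dst_host=legit-api-app.azurewebsites.net bytes_out=301
2024-05-01T10:00:10Z src=10.0.0.9 dst_host=legit-api-app.azurewebsites.net bytes_out=288
2024-05-01T10:00:30Z src=10.0.0.42 dst_host=update.example.com bytes_out=1024
2024-05-01T10:01:00Z src=10.0.0.42 dst_host=contoso-func-7f3a.azurewebsites.net bytes_out=410
2024-05-01T10:02:01Z src=10.0.0.42 dst_host=contoso-func-7f3a.azurewebsites.net bytes_out=415
2024-05-01T10:03:00Z src=10.0.0.42 dst_host=contoso-func-7f3a.azurewebsites.net bytes_out=409
2024-05-01T10:04:00Z src=10.0.0.42 dst_host=contoso-func-7f3a.azurewebsites.net bytes_out=411
2024-05-01T10:05:00Z src=10.0.0.42 dst_host=contoso-func-7f3a.azurewebsites.net bytes_out=412
2024-05-01T10:05:00Z src=10.0.0.5 dst_host=billing-sync.azurewebsites.net bytes_out=9044
2024-05-01T10:05:10Z src=10.0.0.9 dst_host=legit-api-app.azurewebsites.net bytes_out=512
2024-05-01T10:05:22Z src=10.0.0.9 dst_host=legit-api-app.azurewebsites.net bytes_out=140
2024-05-01T10:06:01Z src=10.0.0.42 dst_host=contoso-func-7f3a.azurewebsites.net bytes_out=413
2024-05-01T10:07:00Z src=10.0.0.42 dst_host=contoso-func-7f3a.azurewebsites.net bytes_out=410
2024-05-01T10:10:00Z src=10.0.0.5 dst_host=billing-sync.azurewebsites.net bytes_out=9101
2024-05-01T10:15:00Z src=10.0.0.5 dst_host=billing-sync.azurewebsites.net bytes_out=9077
2024-05-01T10:20:00Z src=10.0.0.5 dst_host=billing-sync.azurewebsites.net bytes_out=9093
2024-05-01T10:20:22Z src=10.0.0.9 dst_host=legit-api-app.azurewebsites.net bytes_out=733
"""


def parse_line(line):
    """Return (timestamp, src, host, bytes_out), or None if the line does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
    return ts, m["src"], m["host"].lower(), int(m["bytes"])


def group_azure_connections(lines):
    """Collect (timestamp, bytes_out) per (src, host) for Azure Functions hosts only."""
    groups = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src, host, nbytes = rec
        if host.endswith(AZURE_FUNC_SUFFIX):
            groups[(src, host)].append((ts, nbytes))
    return groups


def beacon_score(timestamps):
    """Mean gap between connections (s) and its coefficient of variation.

    Near-identical gaps (low CV) are what a fixed-timer check-in produces;
    user-driven traffic is bursty and scores high.
    """
    ordered = sorted(timestamps)
    gaps = [(b - a).total_seconds() for a, b in zip(ordered, ordered[1:])]
    if len(gaps) < 2:
        return None, None
    mean = statistics.mean(gaps)
    if mean == 0:
        return mean, None
    return mean, statistics.stdev(gaps) / mean


def find_suspicious(lines, min_events=5, max_cv=0.2, known_consumers=KNOWN_AZURE_CONSUMERS):
    """Return (src, host) pairs whose Azure Functions traffic looks timer-driven."""
    findings = []
    for (src, host), events in group_azure_connections(lines).items():
        if src in known_consumers or len(events) < min_events:
            continue
        mean, cv = beacon_score([ts for ts, _ in events])
        if cv is not None and cv <= max_cv:
            findings.append({"src": src, "host": host, "events": len(events),
                             "mean_interval_s": mean, "cv": round(cv, 3),
                             "bytes_out": sum(n for _, n in events)})
    return findings


if __name__ == "__main__":
    for f in find_suspicious(SAMPLE_LOG.splitlines()):
        print(f"beaconing: {f['src']} -> {f['host']} every ~{f['mean_interval_s']:.0f}s "
              f"(cv={f['cv']}, {f['bytes_out']} bytes out over {f['events']} connections)")
```

On the sample, only `10.0.0.42` is reported: `10.0.0.9` fails the regularity test and `10.0.0.5` is excluded by the allowlist even though its 300 s cadence is just as regular. That allowlist is the point of the "increase visibility" item above: the detection is only as good as the inventory of which workloads are supposed to talk to Azure Functions, and a first-time `.azurewebsites.net` destination from a host with no such role is worth a look even before the beaconing threshold is reached. The `bytes_out` total gives a second handle on the exfiltration case the article describes.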
About COE Security
COE Security partners with organizations in financial services, healthcare, retail, manufacturing, and government to secure AI-powered systems and ensure compliance. Our offerings include:
- AI-enhanced threat detection and real-time monitoring
- Data governance aligned with GDPR, HIPAA, and PCI DSS
- Secure model validation to guard against adversarial attacks
- Customized training to embed AI security best practices
- Penetration Testing (Mobile, Web, AI, Product, IoT, Network & Cloud)
- Secure Software Development Consulting (SSDLC)
- Customized CyberSecurity Services
We help finance and healthcare organizations safeguard cloud functions, help educational institutions protect data pipelines, enable technology and media companies to secure serverless infrastructure, and support compliance across the board.
Follow COE Security on LinkedIn for ongoing insights into cloud threat defense and safe cloud operations.