"Importantly, there has been no unauthorized access to customer backup data that Commvault stores and protects, and no material impact on our business operations or our ability to deliver products and services," Danielle Sheer, the company's Chief Trust Officer, said in a Wednesday update. In a support document containing indicators of compromise, Commvault advises customers to apply a Conditional Access policy to all Microsoft 365, Dynamics 365, and Azure AD single-tenant App registrations to protect their data against similar attack attempts. Commvault, a leading provider of data protection solutions, says a nation-state threat actor who breached its Azure environment didn't gain access to customer backup data. The company also noted in the original disclosure that the threat actors exploited a now-patched zero-day vulnerability (CVE-2025-3928) in its Commvault Web Server software that remote authenticated attackers with low privileges can exploit remotely to plant webshells on target servers. CISA has also added the CVE-2025-3928 vulnerability to its Known Exploited Vulnerabilities Catalog on Monday, requiring federal agencies to secure their Commvault software by May 19, 2025, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021. As the company first revealed on March 7, 2025, Commvault discovered the incident after being notified by Microsoft on February 20 of suspicious activity within its Azure environment. It also recommended to regularly monitor sign-in activity to detect access attempts originating from IP addresses outside of allowed ranges and to rotate and sync client secrets between Commvault and the Azure portal every 90 days. If any unauthorized access is detected, immediately report the incident to Commvault Support for further investigation and remediation," the company says. A follow-up investigation into the breach found that the incident only affected a small number of Commvault customers and had not impacted the company's operations. Listed on NASDAQ since March 2006, Commvault is included in the S&P MidCap 400 Index and provides cyber resilience services to over 100,000 organizations.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Wed, 30 Apr 2025 16:25:07 +0000