BACKGROUND
Enterprise data backup platform Commvault has revealed that an unknown nation-state threat actor breached its Microsoft Azure environment by exploiting CVE-2025-3928, but emphasized that there is no evidence of unauthorized data access.
RECOMMENDATION
To mitigate the risk posed by such attacks, clients are advised to apply a Conditional Access policy to all Microsoft 365, Dynamics 365, and Azure AD single-tenant app registrations, and to rotate and sync client secrets between the Azure portal and Commvault every 90 days.
MWCERT also urges users to monitor sign-in activity to detect any access attempts originating from IP addresses outside of the allowlisted ranges.
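One way to run the sign-in check recommended above, shown as an added example that is not part of the original advisory. The allowlist ranges, app names and log records are constructed, and the one-JSON-object-per-line export using Microsoft Graph signIn field names is an assumption about how the logs were exported.

```python
import ipaddress
import json

# Constructed allowlist (documentation ranges); replace with your own egress ranges.
ALLOWLIST = [ipaddress.ip_network(c) for c in ("198.51.100.0/24", "2001:db8:10::/48")]

# Constructed sign-in records, one JSON object per line. Field names follow the
# Microsoft Graph signIn resource (createdDateTime, appDisplayName, ipAddress,
# status.errorCode); the export layout itself is an assumption.
SAMPLE_LOG = """\
{"createdDateTime":"2025-05-02T08:14:11Z","appDisplayName":"backup-app-01","ipAddress":"198.51.100.23","status":{"errorCode":0}}
{"createdDateTime":"2025-05-02T08:19:40Z","appDisplayName":"backup-app-01","ipAddress":"203.0.113.77","status":{"errorCode":0}}
{"createdDateTime":"2025-05-02T09:01:02Z","appDisplayName":"backup-app-02","ipAddress":"2001:db8:10::5","status":{"errorCode":0}}
{"createdDateTime":"2025-05-02T09:30:55Z","appDisplayName":"backup-app-02","ipAddress":"2001:db8:ffff::1","status":{"errorCode":50126}}
{"createdDateTime":"2025-05-02T10:02:17Z","appDisplayName":"backup-app-01","ipAddress":null,"status":{"errorCode":0}}
{"createdDateTime":"2025-05-02T10:05:00Z","appDisplayName":"backup-app-01","ipAddress":"::ffff:198.51.100.9","status":{"errorCode":0}}
"""

def is_allowlisted(ip_text, networks=ALLOWLIST):
    """Return True/False for a parseable IP, or None when it cannot be parsed."""
    try:
        ip = ipaddress.ip_address(ip_text.strip())
    except ValueError:
        return None
    if ip.version == 6 and ip.ipv4_mapped:  # compare ::ffff:a.b.c.d as IPv4
        ip = ip.ipv4_mapped
    return any(ip in net for net in networks)

def flag_signins(log_text):
    """Return sign-ins whose source IP is outside the allowlist or unparseable."""
    findings = []
    for line in log_text.strip().splitlines():
        rec = json.loads(line)
        ip_text = rec.get("ipAddress") or ""
        verdict = is_allowlisted(ip_text)
        if verdict:
            continue
        findings.append({
            "time": rec["createdDateTime"],
            "app": rec["appDisplayName"],
            "ip": ip_text,
            "reason": "unparseable_ip" if verdict is None else "outside_allowlist",
            "succeeded": rec.get("status", {}).get("errorCode") == 0,
        })
    return findings

if __name__ == "__main__":
    for f in flag_signins(SAMPLE_LOG):
        print(f)
```

Records with a missing or malformed source IP are reported rather than skipped, so they are reviewed alongside the out-of-range sign-ins; successful sign-ins from outside the allowlist deserve attention first.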