
Commvault has issued a crucial update to its March 7, 2025, security advisory following the detection of continued activity by a nation-state threat actor within its Azure environment. Although the incident impacted a small number of customers—those shared with Microsoft—the company stresses that “there has been no unauthorized access to customer backup data that Commvault stores and protects, and no material impact on our business operations or our ability to deliver products and services.”
The ongoing investigation, initiated after Microsoft alerted Commvault to suspicious behavior on February 20, 2025, confirms that the threat actor exploited a zero-day vulnerability, which has since been patched. Commvault activated its incident response plan immediately and engaged top-tier cybersecurity firms, while also coordinating with the FBI, CISA, and other relevant authorities.
In response to the incident, Commvault has implemented multiple layers of enhanced protection, including:
- Enhanced key rotation protocols
- Strengthened monitoring rules
- Sharing of best practices and indicators of compromise (IOCs)
The company emphasized its ongoing commitment to transparency and collaborative defense: “No company is immune to an attack. We believe that sharing information and working together makes us all more resilient.”
To bolster defenses and prevent unauthorized access, Commvault recommends the following actions:
- Apply Conditional Access policies to all Microsoft 365, Dynamics 365, and Azure AD single-tenant App registrations.
- Rotate and sync client secrets between Azure and Commvault every 90 days.
- Monitor sign-in activity to detect attempts from outside approved IP ranges.
- Block known malicious IP addresses, including: 108.69.148.100, 128.92.80.210, 184.153.42.129, 108.6.189.53, and 159.242.42.20.
If any access attempts from these IPs are observed, the company urges users to “report the incident immediately to Commvault Support for further analysis and action.”
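The sign-in monitoring and IP-blocking recommendations above can be checked against exported sign-in records. The following is an added example, not code from Commvault's advisory: the record field names (`ipAddress`, `appDisplayName`, `createdDateTime`, `status.errorCode`) are assumed to follow an Entra ID sign-in log export, the approved ranges are placeholder documentation prefixes, and the log lines are constructed; only the five advisory IP addresses come from the page.

```python
import ipaddress
import json

# IP addresses listed in the advisory text above.
ADVISORY_IPS = {ipaddress.ip_address(a) for a in (
    "108.69.148.100", "128.92.80.210", "184.153.42.129",
    "108.6.189.53", "159.242.42.20")}
# Assumption: approved egress ranges (reserved documentation prefixes).
APPROVED_RANGES = [ipaddress.ip_network(n)
                   for n in ("203.0.113.0/24", "2001:db8:10::/48")]
# Constructed sample records, one JSON object per line.
SAMPLE_LOG = """\
{"createdDateTime":"2025-03-01T02:14:09Z","appDisplayName":"backup-connector","ipAddress":"203.0.113.25","status":{"errorCode":0}}
{"createdDateTime":"2025-03-01T02:31:40Z","appDisplayName":"backup-connector","ipAddress":"108.69.148.100","status":{"errorCode":0}}
{"createdDateTime":"2025-03-01T03:05:12Z","appDisplayName":"backup-connector","ipAddress":"198.51.100.7","status":{"errorCode":1}}
{"createdDateTime":"2025-03-01T03:06:55Z","appDisplayName":"crm-sync","ipAddress":"::ffff:159.242.42.20","status":{"errorCode":1}}
{"createdDateTime":"2025-03-01T04:00:00Z","appDisplayName":"crm-sync","ipAddress":"2001:db8:10::5","status":{"errorCode":0}}
{"createdDateTime":"2025-03-01T04:10:00Z","appDisplayName":"crm-sync","ipAddress":"not-an-ip","status":{"errorCode":0}}
"""

def classify(ip_text):
    """Return advisory_ioc, approved, outside_approved or unparseable."""
    try:
        ip = ipaddress.ip_address(str(ip_text or "").strip())
    except ValueError:
        return "unparseable"
    # An IPv4-mapped IPv6 form (::ffff:a.b.c.d) must match the IPv4 lists.
    ip = getattr(ip, "ipv4_mapped", None) or ip
    if ip in ADVISORY_IPS:
        return "advisory_ioc"
    if any(ip.version == n.version and ip in n for n in APPROVED_RANGES):
        return "approved"
    return "outside_approved"

def review_signins(log_text):
    """Return findings for every sign-in not from an approved range."""
    findings = []
    for line_no, line in enumerate(log_text.splitlines(), 1):
        rec = json.loads(line)
        verdict = classify(rec.get("ipAddress"))
        if verdict != "approved":
            findings.append({
                "line": line_no, "time": rec.get("createdDateTime"),
                "app": rec.get("appDisplayName"), "ip": rec.get("ipAddress"),
                "verdict": verdict,
                # Assumption: errorCode 0 means the sign-in succeeded.
                "succeeded": (rec.get("status") or {}).get("errorCode") == 0})
    rank = {"advisory_ioc": 0, "outside_approved": 1, "unparseable": 2}
    # Advisory hits first; within a verdict, successful sign-ins first.
    findings.sort(key=lambda f: (rank[f["verdict"]], not f["succeeded"]))
    return findings

if __name__ == "__main__":
    for f in review_signins(SAMPLE_LOG):
        print(f)
```

A successful sign-in from an advisory address sorts to the top of the findings, since that is the case the advisory asks customers to report to Commvault Support.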
For detailed documentation, configuration guidance, and updated best practices, Commvault has provided supporting links.