Microsoft Threat Intelligence has issued a warning about a new campaign by the threat group Storm 1175. This group is now targeting organizations that use autonomous agents in their main business processes. These agents perform complex tasks by interacting with various software and databases. Storm 1175 uses a new type of exploit designed to change how these automated systems make decisions. By intercepting instructions sent to the agents, the attackers can redirect critical actions to serve their own purposes. This development shows the new security challenges businesses face as they move from traditional software to increasingly dynamic self-managing digital systems.  

Deconstructing the Technique of Logic Manipulation 

Storm 1175 mainly uses a method called instruction injection. In this attack, the hacker adds harmful commands to the data that a digital agent is configured to handle. Since these agents are built to be helpful, they might interpret hidden commands as genuine user requests. For instance, a customer service agent could be tricked into sending out sensitive records while trying to help with a normal question. The agent simply follows its programming, not realizing the command came from an attacker. This method bypasses standard security systems, which usually look for malicious code rather than malicious instructions.

Storm 1175 also targets the knowledge and retrieval systems that these agents use. Most autonomous systems get their information from an internal library to answer questions or perform tasks. Attackers try to disrupt these libraries with false information or logic traps. When an agent uses this breached data, it can cause a series of actions that benefit the attacker, such as lowering security settings or giving the attacker temporary admin access. Since the agent behaves like a regular user, these actions often go undetected by standard security tools.

Exploiting Autonomous Connectivity and Integration 

One major risk in the Storm 1175 campaign is the high level of connectivity between digital assistants and the business applications they are granted access to, such as email, finance, and project management tools. While this linkage is helpful, it means that if one agent is compromised, damage can spread widely. Storm 1175 can use an agent’s real credentials to move across the network, acting as a trusted insider and causing harm without triggering standard malware detection.

Microsoft’s research shows that Storm 1175 is especially focused on the supply chain of these automated systems. They go after third-party companies that create the logic framework for digital agents. If they compromise just one provider, Storm 1175 could affect hundreds of organizations at once. This hub-and-spoke attack method is highly efficient for them, enabling them to reach many targets with little effort. Companies should check the security of their automation partners as carefully as they do for standard software vendors.  

Strengthening The Defensive Perimeter For Automated Platforms

To defend against Storm 1175, Microsoft recommends a zero-trust approach to agent permissions. Digital agents should only get the minimum access they need to do their jobs. This principle of least privilege means that even if an agent is compromised, it cannot cause much harm. Also, any high-impact actions by an agent should require a clear human confirmation. This extra step helps catch risky actions, such as deleting data or transferring large files, so the system does not follow harmful instructions without someone checking first.  

Adding instruction filtering at the gateway is another important defense. This means using a separate, tightly controlled system to check the inputs sent to the main agent. The filter looks for signs of instruction injection and blocks suspicious commands before they reach the agent’s core logic. Microsoft also recommends setting up behavioral baselines for each agent. For example, if an agent that usually handles HR tasks suddenly tries to access financial files, the system should immediately trigger a security lockdown. This quick response helps catch compromised logic before it leads to a serious breach.  
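
The permission controls described in the two paragraphs above (least privilege, human confirmation for high-impact actions, and a behavioral baseline that triggers a lockdown) can be combined in one authorization gate placed in front of an agent's tool calls. The following is an added example, not code from Microsoft or the original article; the agent, tool and scope names and the `authorize` function are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy data: agent, tool and scope names are illustrative only.
HIGH_IMPACT = {"delete_records", "transfer_file", "change_security_setting"}

@dataclass
class AgentPolicy:
    allowed_tools: frozenset     # least privilege: explicit allowlist of tools
    baseline_scopes: frozenset   # data domains the agent normally touches
    locked: bool = False         # set once a baseline deviation is seen

@dataclass
class ToolCall:
    agent: str
    tool: str
    scope: str                         # data domain the call touches, e.g. "hr"
    approved_by: Optional[str] = None  # human approver, if one confirmed the call

def authorize(call, policies):
    """Return 'allow', 'deny', 'needs_approval' or 'lockdown' for one tool call."""
    policy = policies.get(call.agent)
    if policy is None or policy.locked:
        return "deny"                  # unknown or locked agents get nothing
    if call.scope not in policy.baseline_scopes:
        policy.locked = True           # deviation from baseline: freeze the agent
        return "lockdown"
    if call.tool not in policy.allowed_tools:
        return "deny"                  # tool is outside the allowlist
    if call.tool in HIGH_IMPACT and not call.approved_by:
        return "needs_approval"        # high-impact action waits for a human
    return "allow"

def demo():
    """Run constructed calls for a hypothetical HR agent through the gate."""
    policies = {"hr-assistant": AgentPolicy(
        frozenset({"read_record", "delete_records"}), frozenset({"hr"}))}
    calls = [
        ToolCall("hr-assistant", "read_record", "hr"),
        ToolCall("hr-assistant", "delete_records", "hr"),
        ToolCall("hr-assistant", "delete_records", "hr", approved_by="alice"),
        ToolCall("hr-assistant", "read_record", "finance"),
        ToolCall("hr-assistant", "read_record", "hr"),
    ]
    return [authorize(c, policies) for c in calls]

if __name__ == "__main__":
    print(demo())
```

Because the gate runs outside the agent, its decision does not depend on what instructions the agent believes it received; once the HR agent reaches for a finance scope it stays locked until an operator clears the flag.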

Monitoring The Developing Threat Horizon 

Storm 1175’s actions signal a shift from targeting people to targeting machines with social engineering. Instead of tricking users, attackers now manipulate automated agents. This development requires new tools for monitoring how agents make decisions. Old logs showing file access can’t show the full picture. Security teams must trace the logic flow behind each action to identify which instructions were used to compromise the system.  
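
One way to make that logic flow traceable is to log, alongside every action, which inputs were in the agent's context when it acted, so an investigator can work back from a flagged action to the untrusted content that preceded it. The following is an added example, not code from Microsoft or the original article; the trace format, the source labels and the function names are assumptions, and the sample inputs are constructed.

```python
import hashlib

def record_input(trace, source, trusted, text):
    """Log an input the agent read; the hash lets content be matched later."""
    entry = {"kind": "input", "id": len(trace), "source": source,
             "trusted": trusted,
             "sha256": hashlib.sha256(text.encode()).hexdigest()}
    trace.append(entry)
    return entry["id"]

def record_action(trace, tool, context_ids):
    """Log a tool call with the ids of every input in context at that moment."""
    entry = {"kind": "action", "id": len(trace), "tool": tool,
             "context": list(context_ids)}
    trace.append(entry)
    return entry["id"]

def inputs_behind(trace, action_id):
    """Untrusted inputs that entered context since the previous action.

    These are the first things to review when the action is flagged.
    Returned newest first.
    """
    action = trace[action_id]
    earlier = [e for e in trace[:action_id] if e["kind"] == "action"]
    seen_before = set(earlier[-1]["context"]) if earlier else set()
    suspects = [trace[i] for i in action["context"]
                if not trace[i]["trusted"] and i not in seen_before]
    return sorted(suspects, key=lambda e: e["id"], reverse=True)

def build_sample_trace():
    """Constructed session: a user request, two retrieved items, two actions."""
    trace = []
    user = record_input(trace, "user:chat", True, "What is my leave balance?")
    kb = record_input(trace, "kb:doc-17", False, "constructed policy document")
    first = record_action(trace, "read_record", [user, kb])
    mail = record_input(trace, "email:attachment", False, "constructed attachment")
    second = record_action(trace, "transfer_file", [user, kb, mail])
    return trace, first, second

if __name__ == "__main__":
    trace, first, second = build_sample_trace()
    print([e["source"] for e in inputs_behind(trace, second)])
```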

Microsoft is working with global partners to create a standard registry of known logic exploits for real-time sharing of Storm 1175’s tactics. Like a virus definition file, this registry helps automated systems spot and block harmful instructions. The aim is to build collective immunity so that attacks become harder and costlier, deterring groups like Storm 1175.

Establishing a Standardized Registry for Autonomous Defense 

As digital systems become more integrated into corporate infrastructure, organizations are evolving their security structures to adapt. Network environments now require constant monitoring and defense. Security is increasingly defined by the strength and consistency of logical protections, not just by password security. In the future, effective logic-based defenses will reduce fears about hidden attackers. Security will rely on dependable processes that maintain system integrity. Companies will benefit from persistent, logic-driven security that continuously verifies and protects digital operations.

Source: Storm-1175 focuses gaze on vulnerable web-facing assets in high-tempo Medusa ransomware operations