Commvault, a number one supplier of information safety options, says a nation-state menace actor who breached its Azure setting did not achieve entry to buyer backup information.
Listed on NASDAQ since March 2006, Commvault is included within the S&P MidCap 400 Index and supplies cyber resilience companies to overĀ 100,000 organizations.
As the corporate first revealed on March 7, 2025, Commvault found the incident after being notified by Microsoft on February 20 of suspicious exercise inside its Azure setting. A follow-up investigation into the breach discovered that the incident solely affected a small variety of Commvault clients and had not impacted the corporate’s operations.
“Importantly, there was no unauthorized entry to buyer backup information that Commvault shops and protects, and no materials affect on our enterprise operations or our capacity to ship services and products,” Danielle Sheer, the corporate’sĀ Chief Belief Officer,Ā stated in a Wednesday replace.
“We’re working carefully with two main cybersecurity corporations and are coordinating with the suitable authorities, together with the FBI, Cybersecurity and Infrastructure Safety Company (CISA), and others.”
In a assist doc containing indicators of compromise, Commvault advises clients to use a Conditional Entry coverage to all Microsoft 365, Dynamics 365, and Azure AD single-tenant App registrations to guard their information towards related assault makes an attempt.
It additionally really helpful to commonly monitor sign-in exercise to detect entry makes an attempt originating from IP addresses exterior of allowed ranges and to rotate and sync shopper secrets and techniques between Commvault and the Azure portal each 90 days.
“This may also help shortly establish potential safety breaches or account compromises. If any unauthorized entry is detected, instantly report the incident to Commvault Help for additional investigation and remediation,” the corporate says.
The corporate additionally famous within the unique disclosure that the menace actors exploited a now-patched zero-day vulnerability (CVE-2025-3928) in its Commvault Net Server software program that distant authenticated attackers with low privileges can exploit remotely to plant webshells on track servers.
CISA has additionally added the CVE-2025-3928 vulnerability to its Identified Exploited Vulnerabilities Catalog on Monday, requiring federal businesses to safe their Commvault software program by Could 19, 2025, as mandated by the Binding Operational Directive (BOD) 22-01 issued in November 2021.
“A majority of these vulnerabilities are frequent assault vectors for malicious cyber actors and pose important dangers to the federal enterprise,” CISA warned.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and the right way to defend towards them.
