American Government Warns of Attacks on Commvault Cloud App
By Netvora Tech News
The US government has warned of attacks on a cloud application that organizations use to make backups. It believes the attacks are part of a larger campaign targeting cloud applications from SaaS providers that run with default configurations and elevated privileges. The alert comes from the Cybersecurity and Infrastructure Security Agency (CISA) of the US Department of Homeland Security.

Commvault offers various solutions for backup and restore, including "Metallic", a cloud-based platform for managing, backing up, and restoring data in cloud environments. CISA reports that attackers have been targeting the Metallic cloud application running in Commvault's Microsoft Azure environment. In some cases, attackers may have obtained the secrets of the backup solution running in Azure. "This provides unauthorized access to the M365 environment of Commvault customers who have stored application secrets with Commvault," according to the CISA.

The agency advises Commvault customers to monitor their logs and, in certain cases, rotate their secrets. It also recommends setting up a policy to rotate secrets at least every 30 days, and installing the security update for the vulnerability CVE-2025-3928, which CISA warned last month is being actively exploited. Commvault has also published several security bulletins on the attacks and advises rotating secrets and adjusting rights and permissions.