Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write
Event
Creates or modifies a virtual network peering, enabling network connectivity for lateral movement across VNets.
Security Context
- Virtual network peering creates direct network connectivity between VNets, bypassing internet routing and enabling traffic flow between previously isolated network segments.
- Adversaries create peering connections to bridge into isolated VNets containing sensitive workloads, databases, or management infrastructure that were intentionally segmented from the compromised network.
Log Source
Azure Activity Log
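Added example, not part of the original entry: one way to triage exported Activity Log records for this operation, reporting completed peering writes that touch VNets a defender has designated as isolated. The function name, VNet names, callers and subscription ID are hypothetical, and the field names (operationName, status or resultType, caller, resourceId) are assumed to follow the Activity Log event schema in either its API or its diagnostic-export shape.

```python
import re
PEERING_WRITE = "microsoft.network/virtualnetworks/virtualnetworkpeerings/write"
# Peering resource ID: .../virtualNetworks/<vnet>/virtualNetworkPeerings/<peering>
PEERING_ID = re.compile(
    r"/subscriptions/(?P<sub>[^/]+)/resourceGroups/[^/]+/providers/Microsoft\.Network"
    r"/virtualNetworks/(?P<vnet>[^/]+)/virtualNetworkPeerings/(?P<peering>[^/]+)$",
    re.IGNORECASE)

def _text(field):
    # Fields arrive as a plain string or as {"value": ...}, depending on the export.
    return str((field.get("value") if isinstance(field, dict) else field) or "")

def find_peering_writes(events, isolated_vnets, approved_callers=()):
    """Return completed peering writes on isolated VNets by non-approved callers."""
    isolated = {v.lower() for v in isolated_vnets}
    approved = {c.lower() for c in approved_callers}
    findings = []
    for ev in events:
        if _text(ev.get("operationName")).lower() != PEERING_WRITE:
            continue
        # Skip Started/Accepted records so each completed write is reported once.
        if _text(ev.get("status") or ev.get("resultType")).lower() not in ("succeeded", "success"):
            continue
        m = PEERING_ID.search(_text(ev.get("resourceId")))
        caller = _text(ev.get("caller"))
        if m and m["vnet"].lower() in isolated and caller.lower() not in approved:
            findings.append({"time": _text(ev.get("eventTimestamp") or ev.get("time")), "caller": caller,
                             "subscription": m["sub"], "vnet": m["vnet"], "peering": m["peering"]})
    return findings

# Constructed sample records (not real tenant data); every name and ID is a placeholder.
_RID = ("/subscriptions/00000000-0000-0000-0000-000000000001/resourceGroups/rg-data"
        "/providers/Microsoft.Network/virtualNetworks/{}/virtualNetworkPeerings/{}")
SAMPLE_EVENTS = [
    {"eventTimestamp": "2024-01-01T10:00:00Z", "caller": "dev-user@example.com",
     "operationName": {"value": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write"},
     "status": {"value": "Started"}, "resourceId": _RID.format("vnet-db-isolated", "to-dev")},
    {"eventTimestamp": "2024-01-01T10:00:05Z", "caller": "dev-user@example.com",
     "operationName": {"value": "Microsoft.Network/virtualNetworks/virtualNetworkPeerings/write"},
     "status": {"value": "Succeeded"}, "resourceId": _RID.format("vnet-db-isolated", "to-dev")},
    {"time": "2024-01-01T11:00:00Z", "caller": "netops@example.com",
     "operationName": "MICROSOFT.NETWORK/VIRTUALNETWORKS/VIRTUALNETWORKPEERINGS/WRITE",
     "resultType": "Success", "resourceId": _RID.format("vnet-db-isolated", "to-hub").upper()},
    {"time": "2024-01-01T12:00:00Z", "caller": "dev-user@example.com",
     "operationName": "MICROSOFT.NETWORK/VIRTUALNETWORKS/VIRTUALNETWORKPEERINGS/WRITE",
     "resultType": "Success", "resourceId": _RID.format("vnet-sandbox", "to-dev").upper()},
]
if __name__ == "__main__":
    print(find_peering_writes(SAMPLE_EVENTS, {"vnet-db-isolated"}, {"netops@example.com"}))
```

Matching on the isolated VNet's own resource ID is sufficient because a peering has to be written on both VNets before traffic flows between them.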
Sample Event
MITRE ATT&CK Mapping
Tactics: Lateral Movement
Techniques:
- T1599 — Network Boundary Bridging — Adversaries may bridge network boundaries by compromising perimeter network devices or internal devices responsible for network segmentation. Breaching these devices may enable an adversary to bypass restrictions on traffic routing that otherwise separate trusted and untrusted networks.