At least 10 hacking groups using Microsoft software flaw: Researchers

spaminator

Hall of Fame Member
Oct 26, 2009
29,565
1,465
113
At least 10 hacking groups using Microsoft software flaw: Researchers
Author of the article:

Reuters
Raphael Satter and Christopher Bing
Publishing date:
Mar 10, 2021 • 1 hour ago • 2 minute read • Join the conversation

Silhouettes of laptop and mobile device users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. Photo by Dado Ruvic/Illustration /REUTERS
Article content
WASHINGTON — At least 10 different hacking groups are using a recently discovered flaw in Microsoft Corp’s mail server software to break in to targets around the world, cybersecurity company ESET said in a blog post on Wednesday.
The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange software.




The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being made public daily.
Earlier on Wednesday, for example, Norway’s parliament announced data had been “extracted” in a breach linked to the Microsoft flaws. Germany’s cybersecurity watchdog agency also said on Wednesday two federal authorities had been affected by the hack, although it declined to identify them.
Advertisement

Story continues below


This advertisement has not loaded yet, but your article continues below.
Article content
While Microsoft has issued fixes, the sluggish pace of many customers’ updates – which experts attribute in part to the complexity of Exchange’s architecture – means the field remains at least partially open to hackers of all stripes.
Microsoft did not immediately return a message seeking comment on the pace of customers’ updates. In previous announcements pertaining to the flaws, the company has emphasized the importance of “patching all affected systems immediately.”
Although the hacking has appeared to be focused on cyber espionage, experts are concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.
ESET’s blog post said there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking in to previously vulnerable Exchange servers to spread its malicious software.
ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break in to targeted networks – several of which other researchers have tied to China. Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.




Ben Read, a manager with cybersecurity company FireEye Inc , said he could not confirm the exact details in the ESET post but said his company had also seen “multiple likely-China groups” using the Microsoft flaws in different waves.
ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyber espionage groups to have access to the same information before it is made public.
He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.
 

spaminator

Hall of Fame Member
Oct 26, 2009
29,565
1,465
113
Microsoft says ransom-seeking hackers taking advantage of server flaws
Author of the article:Reuters
Reuters
Raphael Satter
Publishing date:Mar 12, 2021 • 1 hour ago • 1 minute read • comment bubbleJoin the conversation
A Microsoft logo is seen on an office building in New York City on July 28, 2015.
A Microsoft logo is seen on an office building in New York City on July 28, 2015. PHOTO BY MIKE SEGAR /REUTERS
Article content
WASHINGTON — Ransom-seeking hackers have begun taking advantage of a recently disclosed flaw in Microsoft’s widely used mail server software, the company said early Thursday – a serious escalation that could portend widespread digital disruption.

The disclosure, initially made on Twitter by Microsoft Corp security program manager Phillip Misner and later confirmed by the Redmond, Washington-based company, is the realization of worries that have been coursing through the security community for days.


Since March 2, when Microsoft announced the discovery of serious vulnerabilities in its Exchange software, experts have warned that it was only a matter of time before ransomware gangs began using them to shake down organizations across the internet.

Misner didn’t immediately respond to follow-up messages and Microsoft did not return emails seeking further comment. The U.S. Cybersecurity and Infrastructure Security Agency and the FBI also didn’t immediately respond.


Advertisement
STORY CONTINUES BELOW

This advertisement has not loaded yet, but your article continues below.
Article content

Advertisement
STORY CONTINUES BELOW

This advertisement has not loaded yet, but your article continues below.
Article content
Even though the security holes announced by Microsoft have since been fixed, organizations worldwide have failed to patch their software, leaving them open to exploitation. Experts attribute the sluggish pace of many customers’ updates in part to the complexity of Exchange’s architecture and lack of expertise. In Germany alone, officials have said that up to 60,000 networks remained vulnerable.

All manner of hackers have begun taking advantage of the holes – one security firm recently counted 10 separate hacking groups using the flaws – but ransomware operators are among the most feared.

Those groups work by locking users out of their devices and data unless the victims cough up big chunks of digital currency. They now potentially have access “into a huge number of vulnerable systems,” said Brett Callow of cybersecurity company Emsisoft.


He said more modest companies – many of which lack the ability or awareness to update their software – could be particularly affected by the latest variant of ransomware.

“This is a potentially serious risk to small businesses,” he said.
 

Richardson Bobby

Business Solutions Expert and a DIYer
Jun 15, 2021
5
7
3
Florida
One thing I always liked about Microsoft Solutions is their quick response of issues or threats. They have a solution for all issues. That's what businesses need today. There will always be threats, new challenges, and stronger hackers but technology leaders like Microsoft can always find a counter-solution that will help businesses and people stay safe online.
 

spaminator

Hall of Fame Member
Oct 26, 2009
29,565
1,465
113
Canada joins allies in blaming China for massive attack on email servers
Author of the article:Canadian Press
Canadian Press
Lee Berthiaume
Publishing date:Jul 19, 2021 • 8 hours ago • 3 minute read • 6 Comments
In this file photo a Microsoft logo adorns a building in Chevy Chase, Maryland, May 19, 2021. The U.S. on Monday, July 19, 2021 led allies in a fierce condemnation of China over allegedly "malicious" cyber activity.
In this file photo a Microsoft logo adorns a building in Chevy Chase, Maryland, May 19, 2021. The U.S. on Monday, July 19, 2021 led allies in a fierce condemnation of China over allegedly "malicious" cyber activity. PHOTO BY EVA HAMBACH /AFP via Getty Images
Article content
OTTAWA — Canada joined the United States and other allies on Monday in blaming China for a massive cyberattack that compromised tens of thousands of computers around the world earlier this year.

Advertisement
STORY CONTINUES BELOW

Article content
The attack saw hackers exploit weaknesses in Microsoft Exchange email servers, with the federal government estimating 400,000 servers were compromised before the online assault and server vulnerabilities were revealed in March.


“This activity put several thousand Canadian entities at risk — a risk that persists in some cases even when patches from Microsoft have been applied,” Foreign Affairs Minister Marc Garneau, Public Safety Minister Bill Blair and Defence Minister Harjit Sajjan said in the statement.

“Canada is confident that (China’s) Ministry of State Security is responsible for the widespread compromising of the exchange servers.”


The ministers went on to allege the attack was aimed at stealing intellectual property and personal information, and said one particular group called Advanced Persistent Threat Group 40, which they say previously targeted Canada, was among several Chinese entities involved this time.

Advertisement
STORY CONTINUES BELOW

Article content
“APT 40 almost certainly consists of elements of the Hainan State Security Department’s regional MSS office,” they said.

“This group’s cyber activities targeted critical research in Canada’s defence, ocean technologies and biopharmaceutical sectors in separate malicious cyber campaigns in 2017 and 2018.”

The Canadian Centre for Cyber Security has released information on how to mitigate the threats posed by continued vulnerabilities within Microsoft Exchange servers, the ministers added.

Canada was joined Monday by the U.S., Britain, the European Union and NATO in accusing China of being behind the attacks, the latest round of such public naming and shaming by Western countries as they seek to push back against nefarious online activity by foreign adversaries.

Advertisement
STORY CONTINUES BELOW

Article content
The announcements, though not accompanied by sanctions against the Chinese government, were intended as a forceful condemnation of activities a senior U.S. official described as part of a “pattern of irresponsible behaviour in cyberspace.”

They highlighted the ongoing threat from Chinese government hackers even as the administration remains consumed with trying to curb ransomware attacks from Russia-based syndicates that have targeted critical infrastructure.

The U.K.’s National Cyber Security Centre said the Chinese groups targeted maritime industries and naval defence contractors in the U.S. and Europe and the Finnish parliament.

In a statement, EU foreign policy chief Josep Borrell said the hacking was “conducted from the territory of China for the purpose of intellectual property theft and espionage.”

Advertisement
STORY CONTINUES BELOW

Article content
NATO, in its first public condemnation of China for hacking activities, called on Beijing to uphold its international commitments and obligations “and to act responsibly in the international system, including in cyberspace.”

The Microsoft Exchange hack that months ago compromised tens of thousands of computers around the world was swiftly attributed to Chinese cyber spies by private sector groups.

A spokesperson for the Chinese Embassy in Washington did not immediately return an email seeking comment Monday.

China has previously deflected blame for the hack, with a foreign ministry spokesman saying the country “firmly opposes and combats cyberattacks and cyber theft in all forms,” while cautioning attribution of cyberattacks should be based on evidence and not “groundless accusations.”

Advertisement
STORY CONTINUES BELOW

Article content
The latest round of accusations against China follow not only the Microsoft Exchange server attack, but also a number of high-profile incidents involving ransomware that have targeted public and private infrastructure and operations.

Canada’s cybersecurity agency also released a report last Friday outlining some of the threats that foreign actors could pose during the next federal election, which Prime Minister Justin Trudeau is expected to call in the next few weeks.

The Communications Security Establishment report specifically blamed the majority of online attacks and threats to democratic processes in Canada and other parts of the world since 2015 on China as well as Russia and Iran.

And while Canada may have good defences and not be a major target now, the CSE said a growing number of actors have the tools, capacity and understanding of this country’s political landscape to take action in the future “should they have the strategic intent.”

This report by The Canadian Press was first published July 19, 2021.

— With files from The Associated Press