US Government Blames China For Microsoft Exchange Hack – CRN


The Biden administration has formally accused hackers affiliated with China’s Ministry of State Security (MSS) of exploiting Microsoft Exchange Server vulnerabilities in a massive cyberattack.

The United States government teamed up with the European Union, the United Kingdom and NATO to condemn China’s malicious cyber activities, which include ransomware operations against private companies with multi-million-dollar ransom demands. But unlike what Russia faced following the SolarWinds attack, the U.S. stopped short of issuing any sanctions or formal punishment against China.

“No one action can change China’s behavior in cyberspace and neither can just one country acting on its own,” a senior Biden administration official said during a background press call. “We really focused initially in bringing other countries along with us … And we’re not ruling out further actions to hold the PRC [People’s Republic of China] accountable.”


The next step needs to include imposing sanctions on Chinese actors for their unconstrained and untargeted hacking of Microsoft Exchange servers, said Dmitry Alperovitch, co-founder and former CTO of CrowdStrike. “Given that sanctions have already been used against virtually every other rogue cyber nation state, not using them against China is a glaring oversight,” Alperovitch wrote on Twitter Monday.

Microsoft back in March attributed the attack against on-premises versions of Exchange Server to Hafnium, a Chinese state-sponsored hacking group. Chinese hackers exploited the Microsoft Exchange vulnerabilities to compromise tens of thousands of computers and networks worldwide, resulting in significant remediation costs for its mostly private sector victims, according to the Biden administration.

“Attributions like these will help the international community ensure those behind indiscriminate attacks are held accountable,” Tom Burt, Microsoft’s Corporate Vice President of Customer Security and Trust, said in a statement. “The governments involved in this attribution have taken an important and positive step that will contribute to our collective security.”

China’s MSS uses criminal contract hackers to carry out cyber-enabled extortion, crypto-jacking, and theft from victims around the world for financial gain, according to the Biden administration official. Individuals affiliated with the MSS also made a large ransom demand of an American company, the official said.

“Responsible states do not indiscriminately compromise global network security nor knowingly harbor cyber criminals – let alone sponsor or collaborate with them,” Secretary of State Antony Blinken said in a statement. “These contract hackers cost governments and businesses billions of dollars in stolen intellectual property, ransom payments, and cybersecurity mitigation efforts.”

As part of the coordinated announcement, the National Security Agency (NSA), Cybersecurity and Infrastructure Security Agency (CISA), and Federal Bureau of Investigation (FBI) revealed more than 50 tactics, techniques, and procedures Chinese state-sponsored cyber actors used when targeting U.S. and allied networks.

Chinese state-sponsored cyber activity targets the U.S. political, economic, military, educational and critical infrastructure personnel and organizations, according to Monday’s joint cybersecurity advisory. Cyber actors affiliated with China have in the past several years attempted to obtain and transfer sensitive U.S. software and technology to China, according to CISA.

Chinese threat actors attempt to mask their activities by using a revolving series of virtual private servers (VPSs) and common open-source or commercial penetration tools, according to the advisory. The cyber actors use VPS as an encrypted proxy as well as small office and home office (SOHO) devices as operational nodes to evade detection, the advisory found.

They consistently scan target networks for critical and high vulnerabilities within days of the flaws’ public disclosure, the advisory stated. In many cases, CISA said Chinese cyber actors seek to exploit vulnerabilities in major applications such as Pulse Secure, Apache, F5 Big-IP and Microsoft products.

To defend against Chinese state-sponsored cyber actors, federal authorities urge businesses to patch critical and high vulnerabilities that allow for remote code execution or denial-of-service on externally facing equipment. Organizations should also review network signatures and indicators for focused activities, monitor for new phishing themes, and adjust email rules accordingly, the advisory stated.

Companies should follow best practices around restricting attachments via email and blocking URLs and domains based upon reputation, according to the advisory. Finally, authorities urged businesses to implement anti-virus software and other endpoint protection capabilities to automatically detect and prevent malicious files from executing.

“The U.S. Intelligence Community assessed that the PRC presents a prolific and effective cyber-espionage threat, possesses substantial cyberattack capabilities, and presents a growing influence threat,” CISA wrote Monday. “[It] leverages cyber operations to assert its political and economic development objectives.”

Source of this news: https://www.crn.com/news/security/u-s-government-blames-china-for-microsoft-exchange-hack

