Microsoft hack: White House warns of 'active threat' of email attack
Source: BBC
6 March 2021
The US is expressing growing concern over a hack on Microsoft's Exchange email software that the tech company has blamed on China.
"This is an active threat," White House press secretary Jen Psaki said on Friday. "Everyone running these servers - government, private sector, academia - needs to act now to patch them."
Microsoft said hackers had used its mail server to attack their targets.
It is reported that tens of thousands of US organisations may be impacted.
The US has long accused the Chinese government of cyber-espionage, something Beijing denies.
Ms Psaki told reporters that the White House was "concerned that there are a large number of victims" and said the vulnerabilities found in Microsoft's servers "could have far reaching impacts".
-snip-
Read more: https://www.bbc.com/news/world-us-canada-56304379
______________________________________________________________________
Source: Microsoft
Mar 2, 2021 | Tom Burt - Corporate Vice President, Customer Security & Trust
Today, we're sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we're discussing its activity. It is a highly skilled and sophisticated actor.
Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.
Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we've seen use these exploits, which are discussed in detail by MSTIC here. The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what's called a web shell to control the compromised server remotely. Third, it would use that remote access, run from the U.S.-based private servers, to steal data from an organization's network.
We're focused on protecting customers from the exploits used to carry out these attacks. Today, we released security updates that will protect customers running Exchange Server. We strongly encourage all Exchange Server customers to apply these updates immediately. Exchange Server is primarily used by business customers, and we have no evidence that Hafnium's activities targeted individual consumers or that these exploits impact other Microsoft products.
Even though we've worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today's patches is the best protection against this attack.
-snip-
Read more: https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/
RocRizzo55
(980 posts)
Haven't these Exchange servers been the Swiss Cheese of E-Mail servers for many years now?
Haven't they been hacked many times in the past?
They get patched so often, they might as well be called patchware, not software.
Anyone running an unpatched Exchange Server deserves to be fired. They do not belong in IT.
I was forced to go to Exchange years ago, by the bosses, who insisted on Microsoft, because of all the features. They never use many of them, but they want them anyway. When I explained the security risks to IT management, they just shrugged, and said that they still wanted Exchange.
The money alone that they could have changed, by running the mail off of the UNIX system they had, where it was built-in, was astronomical. No software license, except for the original OS, and no license fee per user.
Now they have what they want, with someone else running it, I am retired, and laughing at them to this day.