HomeLatest ThreadsGreatest ThreadsForums & GroupsMy SubscriptionsMy Posts
DU Home » Latest Threads » Forums & Groups » Topics » Foreign Affairs & National Security » National Security & Defense (Group) » Microsoft hack: White Hou...

Sat Mar 6, 2021, 10:37 AM

Microsoft hack: White House warns of 'active threat' of email attack

Source: BBC

Microsoft hack: White House warns of 'active threat' of email attack

6 March 2021

The US is expressing growing concern over a hack on Microsoft's Exchange email software that the tech company has blamed on China.

"This is an active threat," White House press secretary Jen Psaki said on Friday. "Everyone running these servers - government, private sector, academia - needs to act now to patch them."

Microsoft said hackers had used its mail server to attack their targets.

It is reported that tens of thousands of US organisations may be impacted.

The US has long accused the Chinese government of cyber-espionage, something Beijing denies.

Ms Psaki told reporters that the White House was "concerned that there are a large number of victims" and said the vulnerabilities found in Microsoft's servers "could have far reaching impacts".


Read more: https://www.bbc.com/news/world-us-canada-56304379


Source: Microsoft

New nation-state cyberattacks

Mar 2, 2021 | Tom Burt - Corporate Vice President, Customer Security & Trust

Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor.

Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.

Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we’ve seen use these exploits, which are discussed in detail by MSTIC here. The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization’s network.

We’re focused on protecting customers from the exploits used to carry out these attacks. Today, we released security updates that will protect customers running Exchange Server. We strongly encourage all Exchange Server customers to apply these updates immediately. Exchange Server is primarily used by business customers, and we have no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products.

Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack.


Read more: https://blogs.microsoft.com/on-the-issues/2021/03/02/new-nation-state-cyberattacks/

2 replies, 1191 views

Reply to this thread

Back to top Alert abuse

Always highlight: 10 newest replies | Replies posted after I mark a forum
Replies to this discussion thread
Arrow 2 replies Author Time Post
Reply Microsoft hack: White House warns of 'active threat' of email attack (Original post)
Eugene Mar 2021 OP
RocRizzo55 Mar 2021 #1
ItsjustMe Mar 2021 #2

Response to Eugene (Original post)

Sat Mar 6, 2021, 11:10 AM

1. Oh come on now!

Haven't these Exchange servers been the Swiss Cheese of E-Mail servers for many years now?
Haven't they been hacked many times in the past?
They get patched so often, they might as well be called patchware, not software.
Anyone running an unpatched Exchange Server, deserves to be fired. They do not belong in IT.
I was forced to go to Exchange years ago, by the bosses, who insisted on Microsoft, because of all the features. They never use many of them, but they want them any way. When I explained the security risks to IT management, they just shrugged, and said that they still wanted Exchange.
The money alone that they could have changed, by running the mail off of the UNIX system they had, where it was built-in, was astronomical. No software license, except for the original OS, and no license fee per user.
Now they have what they want, with someone else running it, I am retired, and laughing at them to this day.

Reply to this post

Back to top Alert abuse Link here Permalink

Response to Eugene (Original post)

Sat Mar 6, 2021, 12:33 PM

2. As the Microsoft email software hack spreads ...

Reply to this post

Back to top Alert abuse Link here Permalink

Reply to this thread