
‘Active threat’: Chinese hackers target 30,000 US entities

09:05 06 March 2021 Source: aljazeera.com

Cybercrime groups are selling their hacking skills. Some countries are buying

Nation-state hacking groups don't need to do the work themselves anymore: they can hire criminal gangs to breach targets for them - with the added bonus that it's harder to trace the attack back to them, say researchers. Cyber-criminal hacking operations are now so skilled that nation-states are using them to carry out attacks in an attempt to keep their own involvement hidden.

At least 30,000 US organizations including local governments have been hacked in recent days by an "unusually aggressive" Chinese cyber-espionage campaign, according to a computer security specialist. The campaign has exploited recently discovered flaws in Microsoft Exchange software, stealing email and infecting computer servers with tools that let attackers take control remotely, Brian Krebs said in a post at his cyber security news website. "This is an active threat," White House spokeswoman Jennifer Psaki said when asked about the situation during a press briefing.

Microsoft has confirmed that threat actors, attributed to state-sponsored Chinese operatives, are attacking Microsoft Exchange Server installations using multiple zero-day exploits. Beaumont isn't known for exaggerating risk, quite the opposite, so when he says something like this you know it is, in his words, the real deal. Indeed, Satnam Narang, a staff research engineer at Tenable, said that "while Microsoft says that HAFNIUM primarily targets entities within the United States, other researchers say they have seen these vulnerabilities being exploited by different threat actors targeting other regions."

At least 30,000 US organisations including local governments have been hacked in recent days by an “unusually aggressive” Chinese cyber-espionage campaign, according to a computer security specialist.

Hafnium has targeted US-based companies in the past, including infectious disease researchers, law firms, universities, defence contractors, think-tanks, and NGOs [File: Justin Sullivan/Getty Images via AFP]

The campaign has exploited recently discovered flaws in Microsoft Exchange software, stealing email and infecting computer servers with tools that let attackers take control remotely, Brian Krebs said in a post at his cybersecurity news website.

U.S. issues warning after Microsoft says China hacked its mail server program

All federal government agencies have until noon Friday to download the latest software update to block the perpetrator. The perpetrator, Microsoft said in a blog post, is a hacker group that the company has “high confidence” is working for the Chinese government and primarily spies on American targets. The latest software update for Exchange blocks the hackers, prompting the U.S. Cybersecurity and Infrastructure Security Agency to issue a rare emergency directive that requires all government networks do so.

In December, two Chinese nationals were charged with hacking more than 45 companies in coordination with China's state security service. Deputy Attorney General Rod Rosenstein said that this level of "outright cheating and theft gives China an unfair advantage at the expense of law-abiding Talking of Google, cast your minds back to the company's statement issued in 2010: "We [have] detected a highly sophisticated and targeted attack on our corporate infrastructure originating from China that resulted in the theft of intellectual property from Google This attack was not just on Google.

"We haven't seen any follow-on activity yet," he said. "We're going to find a lot of companies affected but a smaller number of companies actually exploited." Microsoft said targets included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks The hackers allegedly exploited Microsoft's vulnerabilities to hack into the Exchange Server, enabling them to scramble email accounts and install malware for long-term access. Microsoft urged its users to download software patches upon detecting several 0-day exploits being used to attack on-premises

“This is an active threat,” White House spokeswoman Jennifer Psaki said when asked about the situation during a press briefing on Friday.

“Everyone running these servers needs to act now to patch them. We are concerned that there are a large number of victims,” she added.

After Microsoft released patches for the vulnerabilities on Tuesday, attacks “dramatically stepped up” on servers not yet updated with security fixes, said Krebs, who cited unnamed sources familiar with the situation.

“At least 30,000 organisations across the United States – including a significant number of small businesses, towns, cities and local governments – have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations,” Krebs wrote in the post.

As China Gray Zone Warfare Escalates, U.S. May Stand to Lose First Shooting Battle

"I think China now has adequate forces, including air, missile, electronic warfare, spec ops, naval, undersea and nuclear to likely prevail in the first phase and perhaps in subsequent phases too," Lyle Goldstein of the Naval War College's China Maritime Studies Institute told Newsweek. But one wrong move could lead to catastrophe, or even all-out conflict. And if a shooting battle does break out, there's a solid chance the U.S. could lose the first fight with the People's Liberation Army.

Russian, Chinese hacking groups target pharma companies for Covid-19 data. Chinese hackers targeted Indians with e-shopping scams, says report. Chinese cyber-attack threat raises head again, PowerMin accepts past cases. At least one connection opened by Chinese state-sponsored hackers into the network system of an Indian port is still active, even as authorities block attempts to penetrate the South Asian nation’s electrical sector, according to the US firm that alerted officials.

Hackers linked to the Chinese government are trying to steal coronavirus-related research on vaccines, treatments and testing, the FBI and a U.S. cybersecurity agency warned. The FBI, in a joint statement with the Cybersecurity and Infrastructure Security Agency, said it is investigating "the targeting and compromise of U.S. organizations conducting COVID-19-related research by [People's Republic of China]-affiliated cyber actors and non-traditional collectors." The hackers have been caught attempting to "identify and illicitly obtain valuable intellectual property" and public health data

He reported that insiders said hackers have “seized control” of thousands of computer systems around the world using password-protected software tools slipped into systems.

‘Hafnium’

Microsoft said early this week that a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal data from business users.

The company said the hacking group, which it has named “Hafnium,” is a “highly skilled and sophisticated actor”.

Hafnium has targeted US-based companies in the past, including infectious disease researchers, law firms, universities, defence contractors, think-tanks, and NGOs.

In a blog post on Tuesday, Microsoft executive Tom Burt said the company had released updates to fix the security flaws, which apply to on-premises versions of the software rather than cloud-based versions, and urged customers to apply them.

FireEye finds evidence Chinese hackers exploited Microsoft email app flaw since January

Cybersecurity group FireEye on Thursday night announced it had found evidence that hackers had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors. FireEye analysts wrote in a blog post that the company had observed the hackers - who Microsoft announced earlier this week were a Chinese state-sponsored hacking group known as "Hafnium" - exploiting vulnerabilities in Microsoft's Exchange Server email program to target at least one FireEye client

Hackers working with the Chinese government targeted firms developing vaccines for the coronavirus and stole hundreds of millions of dollars worth of intellectual property and trade secrets from companies across the world, the Justice Department said Tuesday as it announced criminal charges. The indictment does not accuse the two Chinese defendants of actually obtaining the coronavirus research, but it does underscore the extent to which scientific innovation has been a top target for foreign governments and criminal hackers looking to know what American companies are developing during

Two Chinese hackers, 34 and 33, are charged with trying to steal US coronavirus vaccine research and 'hundreds of millions of dollars' worth of other sensitive government information. 'The hackers stole terabytes of data which comprised a sophisticated and prolific threat to U.S. networks,' Assistant Attorney General for National Security John Demers said during a press conference. The two men were indicted by a grand jury for the purported hacking campaign, which not only targeted companies in the US, but also in Australia, Belgium, Germany, Japan, Lithuania, the Netherlands, Spain, South Korea

“We know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” he added at the time.

Microsoft said the group was based in China but operated through leased virtual private servers in the United States, and that it had briefed the US government.

Beijing has previously hit back at US accusations of state-sponsored cyber-theft. Last year, it accused Washington of smears following allegations that Chinese hackers were attempting to steal coronavirus research.

In January, US intelligence and law enforcement agencies said Russia was probably behind the massive SolarWinds hack that shook the government and corporate security, contradicting then-President Donald Trump, who had suggested China could be to blame.

Microsoft said Tuesday the Hafnium attacks “were in no way connected to the separate SolarWinds-related attacks”.

According to reports, more attacks are expected from other hackers.

The hackers have only used the back doors to re-enter and move around the infected networks in a small percentage of cases, probably less than one in 10, the person working with the government said.

“A couple hundred guys are exploiting them as fast as they can,” stealing data and installing other ways to return later, he said.

The initial avenue of attack was discovered by prominent Taiwanese cyber-researcher Cheng-Da Tsai, who said he reported the flaw to Microsoft in January. He said in a blog post that he was investigating whether the information leaked.

He did not respond to requests for further comment.

Hackers Target Surveillance Firm, Exposing 150,000 Live Camera Feeds in Hospitals, Jails, and Tesla.
A hacker group claims to have recently broken into the networks of cloud-based surveillance firm Verkada, a Silicon Valley startup that sells and manages security systems to thousands of organizations across the country. Once inside the firm’s walls, the hackers were able to use its 150,000 live camera feeds to peer into the internal workings of countless organizations, including medical facilities, psychiatric hospitals, jails, schools and police departments, and even large companies like Tesla, Equinox and Cloudflare, according to a report from Bloomberg.
