Security News

Threat actors are now actively scanning for the Microsoft Exchange ProxyShell remote code execution vulnerabilities after technical details were released at the Black Hat conference. ProxyShell is the name for three vulnerabilities that perform unauthenticated, remote code execution on Microsoft Exchange servers when chained together.

A Chinese cyberespionage group known for targeting Southeast Asia leveraged flaws in the Microsoft Exchange Server that came to light earlier this March to deploy a previously undocumented variant of a remote access trojan on compromised systems. Attributing the intrusions to a threat actor named PKPLUG, Palo Alto Networks' Unit 42 threat intelligence team said it identified a new version of the modular PlugX malware, called Thor, that was delivered as a post-exploitation tool to one of the breached servers.

Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found. Threat actors used similar tactics to those exposed recently in the Hafnium zero-day attacks - which were recently blamed on China and condemned by the White House - that exploited ProxyLogon vulnerabilities in Microsoft Exchange Servers to gain access to the targeted networks, according to the report.

China has very firmly pushed back against the accusation it paid contractors to attack Microsoft's Exchange Server. The USA, UK, NATO and other nations on Monday named China as the source of the attack.

The U.S. government and its key allies, including the European Union, the U.K., and NATO, formally attributed the massive cyberattack against Microsoft Exchange email servers to state-sponsored hacking crews working affiliated with the People's Republic of China's Ministry of State Security. "In a statement issued by the White House on Monday, the administration said,"with a high degree of confidence that malicious cyber actors affiliated with PRC's MSS conducted cyber-espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.

Mastercard announced it will enhance its card program for cryptocurrency wallets and exchanges, making it simpler for partners to convert cryptocurrency to traditional fiat currency. Working with Evolve Bank & Trust and Paxos Trust Company, the leading blockchain infrastructure and regulated stablecoin issuance platform, and Circle, a global financial technology firm and the principal operator of the USD Coin, a dollar digital currency or stablecoin, Mastercard and its partners will test this new capability to enable more banks and crypto companies to offer a card option to people wanting to spend their digital assets anywhere Mastercard is accepted.

The US has also blamed hackers working with China for ransomware attacks, extortion, crypto-jacking and other cybercrimes. The United States and several allies have officially pointed the finger at China for the recent hack of Microsoft Exchange server as well as an ongoing series of cyberattacks carried out by contract hackers for personal profit.

The Microsoft Exchange Server attacks earlier this year were "Systemic cyber sabotage" carried out by Chinese state hacking crews including private contractors working for a spy agency, the British government has said. Foreign Secretary Dominic Raab said this morning in a statement: "The cyber attack on Microsoft Exchange Server by Chinese state-backed groups was a reckless but familiar pattern of behaviour. The Chinese Government must end this systematic cyber sabotage and can expect to be held to account if it does not."

The United States and its allies have officially attributed the Microsoft Exchange server attacks disclosed in early March to hackers affiliated with the Chinese government. In a statement, the White House accused China of using "Criminal contract hackers" to conduct cyber operations.

US and allies, including the European Union, the United Kingdom, and NATO, are officially blaming China for this year's widespread Microsoft Exchange hacking campaign. The Biden administration attributes "With a high degree of confidence that malicious cyber actors affiliated with PRC's MSS conducted cyber espionage operations utilizing the zero-day vulnerabilities in Microsoft Exchange Server disclosed in early March 2021.".