Security News

Cyber sleuths have already blamed China for a hack that exposed tens of thousands of servers running its Exchange email program to potential hacks. The CEO of a prominent cybersecurity firm says it now seems clear China also unleashed an indiscriminate, automated second wave of hacking that opened the way for ransomware and other cyberattacks.

The US government might have subtly signalled that it likely won't hack Russia this month - by telling credulous journalists it has a "Clandestine" plan to, er, launch an attack against its rival before April. Set against the backdrop of the SolarWinds and FireEye hack, and the most recent Hafnium attacks against Microsoft Exchange servers, it isn't hard to imagine presidential PR advisors wanting to give the impression that cyber warfare is their boss's top priority.

The European Banking Authority has confirmed it is another victim on the list of organisations affected by vulnerabilities in Microsoft Exchange. The EBA hurriedly pulled its email servers offline over the weekend as it realised that it was among the ranks of those hit by flaws in Microsoft Exchange being targeted by miscreants.

Victims of a massive global hack of Microsoft email server software - estimated in the tens of thousands by cybersecurity responders - hustled Monday to shore up infected systems and try to diminish chances that intruders might steal data or hobble their networks. While the hack doesn't pose the kind of national security threat as the more sophisticated SolarWinds campaign, which the Biden administration blames on Russian intelligence officers, it can be an existential threat for victims who didn't install the patch in time and now have hackers lingering in their systems.

A malicious web shell deployed on Windows systems by leveraging a previously undisclosed zero-day in SolarWinds' Orion network monitoring software may have been the work of a possible Chinese threat group. The findings were also corroborated by cybersecurity firms Palo Alto Networks' Unit 42 threat intelligence team and GuidePoint Security, both of whom described Supernova as a.NET web shell implemented by modifying an "App web logoimagehandler.ashx.b6031896.dll" module of the SolarWinds Orion application.

Early last week, Microsoft revealed that a China-based group called Hafnium has been launching cyberattacks against organizations by exploiting four zero-day vulnerabilities in on-premises versions of its Exchange Server software. Calling this Microsoft Exchange/OWA hack a pretty elaborate attack, Michael Isbitski, Technical Evangelist at Salt Security, told TechRepublic that he suspects this will impact a lot of organizations still operating their own mail infrastructure rather than using a SaaS like Microsoft 365.

The European Banking Authority took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. Last week, Microsoft patched multiple zero-day vulnerabilities affecting on-premises versions of Microsoft Exchange Server and exploited in ongoing attacks coordinated by multiple state-sponsored hacking groups.

Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program. Pressed for a date when it first became aware of the problem, Microsoft told KrebsOnSecurity it was initially notified "In early January." So far the earliest known report came on Jan. 5, from a principal security researcher for security testing firm DEVCORE who goes by the handle "Orange Tsai." DEVCORE is credited with reporting two of the four Exchange flaws that Microsoft patched on Mar. 2.

The European Banking Authority, a key EU financial regulator, says it has fallen victim to a hack of its Microsoft email system which the US company blames on a Chinese group. Microsoft said last week that a state-sponsored group operating out of China was exploiting previously unknown security flaws in its Exchange email services to steal data from business and government users, believed to number in the tens of thousands so far.

Nimble, highly skilled criminal hackers believed to operate out of Eastern Europe hacked dozens of companies and government agencies on at least four continents by breaking into a single product they all used. Operating system companies such as Microsoft have long been bull's-eyes - with untold thousands of installations of its Exchange email server being violated globally in the past few weeks, mostly after the company issued a patch and disclosed that Chinese state hackers had penetrated the program.