White House warns of ‘active threat’ from Microsoft email hackers



“This is an active threat,” White House Press Secretary Jen Psaki said Friday. “Everyone who runs these servers – government, private sector, academics – needs to work now to patch them up.”

Psaki’s warnings followed a tweet by National Security Adviser Jake Sullivan on Thursday evening that showed how concerned the Biden administration is. He urged IT managers across the country to urgently install software fixes. Sullivan said the U.S. government is monitoring reports that U.S. think tanks may have been compromised by the attack, as well as “defense industrial base organizations.”

Later Friday, the Cybersecurity and Infrastructure Security Agency said in a tweet that malicious activity, if uncontrolled, could “enable the attacker to gain control over the entire enterprise network.”

In a rare move, White House officials have urged private sector organizations running local installations of the Microsoft Exchange Server software to install a number of critical updates, released in what security experts described as an emergency patch release.

Cybersecurity company FireEye said Thursday it has identified a number of specific victims, including “US-based retailers, local governments, a university and an engineering firm.”

Pentagon Press Secretary John Kirby told reporters Friday that the Department of Defense is currently working to determine whether it has been negatively impacted by the identified vulnerabilities.

“We’re aware of that, and we’re evaluating it,” Kirby said. “And that’s just until I’m able to walk right now.”

Microsoft announced this week that it has become aware of a number of vulnerabilities in its server software that are being exploited by suspected Chinese hackers. In the past, Microsoft has said, the hacker group responsible – which Microsoft calls Hafnium – has gone after “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.” The group in question had not been publicly identified before, according to Microsoft.

The announcement comes after FireEye, Microsoft and others reported a suspected Russian hacking campaign that began with the infiltration of IT software firm SolarWinds. That effort has led to the compromise of at least nine federal agencies and dozens of private businesses.

But the malicious activity unveiled this week is in no way related to the SolarWinds hack, Microsoft said on Tuesday.

Microsoft usually publishes software updates on the second Tuesday of each month. But in a sign of the seriousness of the threat, Microsoft released patches a week early, addressing new vulnerabilities that had never been detected before.

The Department of Homeland Security also issued an emergency directive Tuesday requiring federal agencies to update or disconnect their servers. This is only the sixth such directive since CISA was formed in 2015, and the second in three months.

“We urge network operators to take this very seriously,” Psaki said of the order. The administration is concerned that there are a “large number of victims.”

Once the Hafnium attackers compromise an organization, Microsoft said, they are known to download data such as address books and gain access to its user account database.

A person working at a Washington think tank told CNN that both her work and personal e-mail accounts were compromised by the attackers. Microsoft sent her a warning that there was a foreign government behind it. AOL sent a similar notification for the personal account.

The person was then interviewed by FBI agents, who showed up at her door, reiterating that this was indeed a sophisticated hack run by a foreign government and that FBI investigations were underway across the country.

The attackers used their unauthorized access to e-mail the person’s contacts, “tailoring [the messages] in such a way that the recipient does not suspect that I am the sender.” Fraudulent emails sent by the attackers in the person’s name included invitations to non-existent conferences and mentioned an article in her name and a book in her partner’s name that was written by her.

Every message, the person said, came with links, telling people to click on them.

“This is a real deal,” tweeted Christopher Krebs, the former CISA director. “If your organization runs an OWA server hidden from the Internet, consider a compromise between 02/26-03/03.”

In its advisory, CISA urged network security officials to search for evidence of intrusion dating back to September 2020.

The U.S. has not commented on the incident. The government’s unusually public response, which came as a surprise to many experts, is a reflection of both the Trump administration’s focus on cyber issues and the Biden administration, as well as the scale of the threat.

“Is this the first time a special patch has been promoted by a national security adviser?” John Hultquist, vice president of FireEye’s Mandiant Threat Intelligence arm, wondered aloud.

“When you wake up to [National Security Advisor] and [Press Secretary] tweeting about cyber,” tweeted Bailey Bickley, a top spokeswoman for the National Security Agency, adding a “starstruck” emoji and quoting Sullivan’s tweet from overnight.

CNN’s Michael Conte and Oren Lieberman contributed to this report.
