Search

FireEye finds evidence Chinese hackers exploited Microsoft email app flaw since January | TheHill - The Hill

ponjotor.blogspot.com

Cybersecurity group FireEye on Thursday night announced it had found evidence that hackers had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors. 

FireEye analysts wrote in a blog post that the company had observed the hackers — who Microsoft announced earlier this week were a Chinese state-sponsored hacking group known as “Hafnium” — exploiting vulnerabilities in Microsoft’s Exchange Server email program to target at least one FireEye client beginning in January.

Since then, FireEye found evidence that the hackers had gone after an array of victims, including “US-based retailers, local governments, a university, and an engineering firm,” along with a Southeast Asian government and a Central Asian telecom. 

ADVERTISEMENT

The news comes two days after Microsoft said the Chinese hacking group was actively exploiting previously unknown security flaws in Exchange Server to go after groups running the program. 

Microsoft noted that Hafnium had previously been known to steal information from organizations including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and nongovernmental organizations. 

FireEye analysts wrote Thursday night that “the activity reported by Microsoft aligns with our observations.”

“The activity we have observed, coupled with others in the information security industry, indicate that these threat actors are likely using Exchange Server vulnerabilities to gain a foothold into environments,” the analysts wrote. “This activity is followed quickly by additional access and persistent mechanisms. As previously stated, we have multiple ongoing cases and will continue to provide insight as we respond to intrusions.”

The federal government may have also been affected by the email application vulnerability, which Microsoft issued a patch for earlier this week. 

ADVERTISEMENT

The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal agencies to investigate for signs of compromise and to either patch or disconnect from the Exchange Server program if a compromise had taken place.

Jake SullivanJake SullivanA Biden stumble on China? Iran, hostages and déjà vu — Biden needs to do better Biden to detail 'roadmap' for partnership with Canada in meeting with Trudeau MORE, President BidenJoe BidenThe West needs a more collaborative approach to Taiwan Abbott's medical advisers were not all consulted before he lifted Texas mask mandate House approves George Floyd Justice in Policing Act MORE’s national security adviser, encouraged all network owners to immediately implement the Microsoft patch Thursday night. 

“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities,” Sullivan tweeted

Former CISA Director Christopher Krebs also underlined the potential seriousness of the breach, tweeting Thursday night that “this is the real deal,” and encouraging organizations running Exchange Server to go into “incident response mode.”

The newly discovered compromise comes as the federal government is still investigating a massive Russian cyber espionage attack that was ongoing for at least a year prior to discovery. 

The breach, which has become known as the SolarWinds hack, involved the hackers exploiting software from IT group SolarWinds to target up to 18,000 of its customers. As of last month, at least nine federal agencies and 100 private sector groups had been compromised. 

Both FireEye and Microsoft were among the groups compromised by as part of the hacking operation, with FireEye widely credited for drawing attention to the incident by coming forward publicly in December after it was breached. 

Let's block ads! (Why?)



Business - Latest - Google News
March 05, 2021 at 10:58AM
https://ift.tt/38cu19G

FireEye finds evidence Chinese hackers exploited Microsoft email app flaw since January | TheHill - The Hill
Business - Latest - Google News
https://ift.tt/2Rx7A4Y


Bagikan Berita Ini

0 Response to "FireEye finds evidence Chinese hackers exploited Microsoft email app flaw since January | TheHill - The Hill"

Post a Comment

Powered by Blogger.