Microsoft - New nation-state cyberattacks

#1
New nation-state cyberattacks

Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor.

Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.

Recently, Hafnium has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software. To date, Hafnium is the primary actor we’ve seen use these exploits, which are discussed in detail by MSTIC here. The attacks included three steps. First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization’s network.

We’re focused on protecting customers from the exploits used to carry out these attacks. Today, we released security updates that will protect customers running Exchange Server. We strongly encourage all Exchange Server customers to apply these updates immediately. Exchange Server is primarily used by business customers, and we have no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products.

Even though we’ve worked quickly to deploy an update for the Hafnium exploits, we know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems. Promptly applying today’s patches is the best protection against this attack.

In addition to offering new protections for our customers, we’ve briefed appropriate U.S. government agencies on this activity.

This is the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society; other activity we disclosed has targeted healthcare organizations fighting Covid-19, political campaigns and others involved in the 2020 elections, and high-profile attendees of major policymaking conferences.

We are encouraged that many organizations are voluntarily sharing data with the world, among each other and with government institutions committed to defense. We’re grateful to researchers at Volexity and Dubex who notified us about aspects of this new Hafnium activity and worked with us to address it in a responsible way. We need more information to be shared rapidly about cyberattacks to enable all of us to better defend against them. That is why Microsoft President Brad Smith recently told the U.S. Congress that we must take steps to require reporting of cyber incidents.

The exploits we’re discussing today were in no way connected to the separate SolarWinds-related attacks. We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services.



https://www.sickgaming.net/blog/2021/03/...erattacks/
Copyright © SickGaming.net 2012-2020