Tag Archive for: hack

Tool created to aid cleanup from Microsoft hack in broad use | Govt-and-politics

FILE – In this Jan. 28, 2020 file photo a Microsoft computer is among items displayed at a Microsoft store in suburban Boston. A tool designed to help businesses protect themselves from further compromises after a global hack of Microsoft email server software has been downloaded more than 25,000 times since it was released last week. That’s according to the White House’s National Security Council. As a result, the number of vulnerable systems has fallen by 45 percent. (AP Photo/Steven Senne, File)




WASHINGTON (AP) — A tool designed to help businesses protect themselves from further compromises after a global hack of Microsoft email server software has been downloaded more than 25,000 times since it was released last week, the White House’s National Security Council said Monday.

As a result, the number of vulnerable systems has fallen by 45%, according to an NSC spokesperson.

The one-click Microsoft tool was created to protect against cyberattacks and to scan systems for compromises and fix them. It was developed after a massive hack affecting an estimated tens of thousands of users of servers running Microsoft’s Exchange email program.

The breach was discovered in early January and was attributed to Chinese cyber spies targeting U.S. policy think tanks. Then in late February, five days before Microsoft Corp. issued a patch on March 2, there was an explosion of infiltrations by other intruders, piggybacking on the initial breach.

The White House earlier this month described the hack as an “active threat” that was being addressed by senior national security officials. The administration’s response…

Source…

Acer reportedly facing $50 million ransomware demand following hack


What just happened? Acer is reportedly the latest tech giant to become the victim of a ransomware attack. The Taiwanese company was hit by the REvil ransomware gang, which is demanding it hand over $50 million worth of Monero cryptocurrency in exchange for the decryption key. The payment will also ensure sensitive company data isn’t leaked online.

The Record writes that the attack has only affected Acer’s back-office and not the hardware maker’s production systems. The firm hasn’t confirmed any ransomware incident, and the attack never stopped the announcement of its Q4 2020 financial results last Wednesday.

The Record found Acer’s name on a dark web portal where the REvil gang usually leaks stolen data from companies that don’t pay ransoms. While no files have been posted, there were screenshots of internal documents.

Another dark web portal operated by REvil showed the $50 million ransom note, believed to be the largest demand ever made by a ransomware gang; the previous record was a $30 million ransomware attack on Pan-Asian retail giant Dairy Farm, also the work of REvil.

The page included a copy of an online conversation between a group member and an Acer representative that started on March 14. The attackers call the rep an “incompetent negotiator,” demanding their boss get in touch.

Bleeping Computer notes that the group offered to discount the ransom by 20 percent if it was paid before last Wednesday. If the Monero isn’t handed over by March 28, the amount will double to $100 million. Acer was warned “to not repeat the fate of the SolarWind.”

It’s believed that the attack may have been carried out using a Microsoft Exchange exploitation. “Advanced Intel’s Andariel cyberintelligence system detected that one particular REvil affiliate pursued Microsoft Exchange weaponization,” malware expert Vitali Kremez told BleepingComputer.

We recently heard that four zero-day exploits in Microsoft Exchange are being targeted by at least ten advanced persistent threat (APT) hacker groups in an attempt to compromise servers around the world.

Acer is cagey about the incident, referring to it only as “abnormal situations.” In a statement…

Source…

The Cybersecurity 202: Senate panel delves into SolarWinds hack


Lawmakers want to know just what is being done within the federal government to reduce the likelihood of another such attack.

Three witnesses — the acting director of the Department of Homeland Security’s Cybersecurity and Information Security Agency (CISA); the acting assistant director of the FBI’s Cyber Division; and the chief information security officer from the Office of Management and Budget — will field questions from the panel.

Those questions are likely to focus on the specific changes the government is implementing to better guarantee the security of contractors; the progress of internal audits in cases where agencies were compromised; and which entities are responsible for coordinating a government-wide response.

The Biden administration has promised a more aggressive stance against foreign hackers, especially those backed by Russian government entities. Last month, the administration signaled it was planning to sanction Moscow for the SolarWinds hack, alongside the poisoning of Russian opposition leader Alexei Navalny, which the United States has also blamed on the Kremlin. While the administration has announced sanctions against Russia for Navalny’s poisoning, sanctions for the SolarWinds attack have yet to materialize.

Since the revelation of the SolarWinds hack late last year, tech giant Microsoft has admitted that its email systems — which are also used by U.S. government agencies — were subject to their own hacking, likely by China. The disclosure of that hack has raised new questions about how the Biden administration will implement a policy of cyber deterrence against a range of adversaries and threats — many of them state-sponsored — with varying motivations.

For example, earlier this week, two of the agencies whose representatives will face senators on Thursday released a declassified report showing that while Russia and Iran were among the countries trying to influence the outcome of the 2020 election, China was not.

The report — which determined that Vladimir Putin directed the Kremlin to carry out influence operations against President Biden and Democrats during the 2020 election — also repudiated many of the conspiracy theories former…

Source…

Chinese nation state hackers linked to Finnish Parliament hack

Chinese nation-state hackers have been linked to an attack on the Parliament of Finland that took place last year and led to the compromise of some parliament email accounts.

“Some parliament e-mail accounts may have been compromised as a result of the attack, among them e-mail accounts that belong to MPs,” Parliament officials said at the time.

The attack was detected by the Finnish Parliament’s security team and is being investigated by the Finnish National Bureau of Investigation (NBI), with the help of the Security Police and the Central Criminal Police.

“Last year, the Security Police identified a state cyber-espionage operation against Parliament, which tried to infiltrate Parliament’s information systems,” a statement issued today reads. “According to intelligence from the Security Police, this was the so-called APT31 operation.”

Central Criminal Police Commissioner Tero Muurman added that further details regarding the attack will not be disclosed while the investigation is still ongoing.

“When the investigated criminal offenses are aggravated espionage, aggravated computer break-in, and aggravated message interception, everyone understands how serious the offenses we are dealing with are,” Parliament Speaker Anu Vehviläinen said.

APT31 espionage campaigns

APT31 (also tracked as Zirconium and Judgment Panda) is a China-backed hacking group known for its involvement in numerous information theft and espionage operations, working at the behest of the Chinese Government.

As BleepingComputer previously reported, this APT group has also been linked to the theft and repurposing of the EpMe NSA exploit years before Shadow Brokers publicly leaked it in April 2017.

Last year, Microsoft observed APT31 attacks against international affairs community leaders and high-profile individuals associated with the Joe Biden for President campaign.

APT31 was also…

Source…