Wednesday, April 24 2024

The United States, United Kingdom, and European Union joined industry groups in attributing the Microsoft exchange server attacks earlier this year to Chinese government state-sponsored hackers.

The attack exploited four zero-day flaws in Microsoft Exchange Server email software and affected approximately a quarter of a million servers worldwide. Affected victims included the European Banking Authority, Norwegian parliament, and other banks, retailers, universities, and electricity providers.

Microsoft attributed a Chinese APT group as the source of the attack. Tom Burt, corporate vice president of customer security and trust at Microsoft, stated that the attacks were carried out by “a state-sponsored threat actor” that Microsoft’s threat intelligence center dubbed Hafnium.

The White House stated in a release that China’s Ministry of State Security contracted exploitation of Microsoft Exchange Servers to criminal organizations and these criminal groups engaged in ransomware attacks, cyber enabled extortion, crypto-jacking, and rank theft.

Collaboration between nation-state threat groups and cybercriminals will increase attribution challenges. Jeff Barker, vice president at the cybersecurity company Illusive, noted that a “nation-state may use a ransomware group to mask their activities.”

Incidents such as the massive SolarWinds Orion supply chain cyberattack and targeted attacks against Microsoft Exchange Server have prompted industry concern over third-party risk management practices and regulatory attention. This month, the US Federal Reserve, Office of the Comptroller of the Currency, and the FDIC jointly proposed guidance on third-party risk management procedures.

Hafnium primarily targets US companies to obtain their private data, according to a Microsoft post on the incident. These data leaks could allow companies affected by the hack to be exploited further.

Previous

Banking Regulators Release Proposed Guidance on Third-Party Risk

Next

Cybersecurity M&A and Funding Update: July 23

Check Also

Widget

Don’t Miss

The words Endpoint Detection and Response (EDR) on a green background with lines on the right side of the image

Best Endpoint Detection & Response Platforms

Lara Oporto

Endpoint Detection & Response platforms continuously monitor endpoints for signs of malicious activities, such as unauthorized access or unusual behavior, enabling rapid detection and response to potential cyber threats to safeguard organizational assets. What is Endpoint Detection and Response and how does it work? Endpoint Detection and Response (EDR) is a cornerstone in modern cybersecurity […]

AT&T AlienVault Products Review: OSSIM vs USM

Ellie Buscemi

AlienVault is now the technological basis for AT&T AlienLabs and provides multiple products for different companies’ cybersecurity needs. What AT&T AlienVault Products are Available? In December 2021, CISOstack reported that AT&T intended to acquire AlienVault to expand its cybersecurity offerings to more businesses. Two years later, AlienVault-based offerings make up a large portion of AT&T’s […]

Photo by Simon Kadula on Unsplash.

Navigating Manufacturing IIoT Cybersecurity Challenges

John Powers

Guarding the Gears: Government policy and industry collaboration to mitigate cyberthreats to manufacturers. The smart factory is on the rise. Production lines equipped with advanced sensors can monitor equipment health in real-time and predict potential issues before they disrupt operations. Temperature and humidity sensors can ensure the optimal environment for delicate manufacturing processes. RFID-enabled asset […]

Best Microsegmentation Software

Ellie Buscemi

Microsegmentation allows a company to divide digital assets into smaller, more secure groups, which makes it harder for cybercriminals to take over a company’s data center. What is Microsegmentation? Microsegmentation refers to cyber professionals building layers of cybersecurity protection between groups of digital assets or individual cyber assets. Adding these layers inside instead of only […]

Best Breach and Attack Simulation Platforms

Ellie Buscemi

Breach and attack simulation (BAS) platforms allow companies to see weaknesses in their cyber infrastructures before a malicious hacker can exploit them. What Is BAS – Breach and Attack Simulation? Breach and attack simulation (BAS) is an approach to cybersecurity that uses advanced tools to imitate the attacks used by cybercriminals on companies’ digital infrastructure. […]

Ofer Ben-Noon and Ohad Bobrov

Palo Alto Networks to Acquire Talon

Ellie Buscemi

On Monday, Palo Alto Networks agreed to acquire Israeli startup Talon Cyber Security, an enterprise browser platform. The deal values Talon at between $600 to $700 million, according to The Information. Palo Alto will integrate Talon’s enterprise browser solution into its Prisma SASE product. The acquisition comes among a wave of acquisitions and releases involving […]