
Thursday, March 4, 2021

FireEye finds evidence Chinese hackers exploited Microsoft email app flaw since January | TheHill - The Hill

Cybersecurity group FireEye on Thursday night announced it had found evidence that hackers had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors. 

FireEye analysts wrote in a blog post that the company had observed the hackers — who Microsoft announced earlier this week were a Chinese state-sponsored hacking group known as “Hafnium” — exploiting vulnerabilities in Microsoft’s Exchange Server email program to target at least one FireEye client beginning in January.

Since then, FireEye found evidence that the hackers had gone after an array of victims, including “US-based retailers, local governments, a university, and an engineering firm,” along with a Southeast Asian government and a Central Asian telecom. 


The news comes two days after Microsoft said the Chinese hacking group was actively exploiting previously unknown security flaws in Exchange Server to go after groups running the program. 

Microsoft noted that Hafnium had previously been known to steal information from organizations including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and nongovernmental organizations. 

FireEye analysts wrote Thursday night that “the activity reported by Microsoft aligns with our observations.”

“The activity we have observed, coupled with others in the information security industry, indicate that these threat actors are likely using Exchange Server vulnerabilities to gain a foothold into environments,” the analysts wrote. “This activity is followed quickly by additional access and persistent mechanisms. As previously stated, we have multiple ongoing cases and will continue to provide insight as we respond to intrusions.”

The federal government may have also been affected by the email application vulnerability, which Microsoft issued a patch for earlier this week. 


The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal agencies to investigate for signs of compromise and to either patch or disconnect from the Exchange Server program if a compromise had taken place.

Jake Sullivan, President Biden’s national security adviser, encouraged all network owners to immediately implement the Microsoft patch Thursday night.

“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities,” Sullivan tweeted.

Former CISA Director Christopher Krebs also underlined the potential seriousness of the breach, tweeting Thursday night that “this is the real deal,” and encouraging organizations running Exchange Server to go into “incident response mode.”

The newly discovered compromise comes as the federal government is still investigating a massive Russian cyber espionage attack that was ongoing for at least a year prior to discovery. 

The breach, which has become known as the SolarWinds hack, involved the hackers exploiting software from IT group SolarWinds to target up to 18,000 of its customers. As of last month, at least nine federal agencies and 100 private sector groups had been compromised. 

Both FireEye and Microsoft were among the groups compromised as part of the hacking operation, with FireEye widely credited for drawing attention to the incident by coming forward publicly in December after it was breached.


Article From & Read More ( FireEye finds evidence Chinese hackers exploited Microsoft email app flaw since January | TheHill - The Hill )
https://ift.tt/38cu19G