Published on March 16th, 2021 📆 | 4962 Views ⚑0
Investigating Exchange Server exploitation. Governments consider responding to nation-state cyber campaigns.
Bloomberg reports that Microsoft is looking into whether threat actors used the research of Devcore to exploit vulnerabilities in Exchange Server. Devcore, based in Taiwan, alerted Redmond to the Exchange Server vulnerabilities in December. At issue, the Wall Street Journal explains, is how Hafnium’s cyberespionage campaign began quietly in January, picked up momentum, and expanded into widespread cyberlooting by many actors shortly before Microsoft patched them. Microsoft is investigating whether the vulnerability leaked from Devcore, whether inadvertently or deliberately. More recently, publicly released ProxyLogon proof-of-conflict exploits, BleepingComputer says, have placed Exchange Server attacks within the reach of script kiddies. According to the Record, some actors are also “piggybacking” on other threat groups, hijacking web shells placed by other attackers. This has in some cases escalated the damage done, as the hijackers move from cryptojacking to ransomware.The US Government is said, by SecurityWeek, to be nearing some decision on how to respond to the cyberespionage campaigns that exploited SolarWinds and Exchange Server, with some public announcement promised “in weeks, not months.” Response to the threat actors is half the issue. The rest, the New York Times reports, is a plan to reorganize the national approach to security.Other governments are also contemplating developing and deploying offensive cyber capabilities. According to Reuters, British Prime Minister Johnson has called for “cyber attack” capability ahead of the release of a national security review. And the Economic Times reports that India’s government faces calls for preparation to face an increasingly assertive China in cyberspace.
originally appeared on Source link