At least 10 hacking groups using Microsoft software flaw — researchers

FireEye CEO Kevin Mandia gives a tour of the cybersecurity company's office in Reston, Virginia, on March 9, 2021. FireEye has confirmed seeing “multiple likely-China groups” using the Microsoft flaws in different waves. (AP Photo/Nathan Ellgren)
Updated 11 March 2021

  • The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage
  • Microsoft has blamed the hack on China. The Chinese government denies any role

WASHINGTON: At least 10 different hacking groups are using recently discovered flaws in Microsoft Corp’s mail server software to break into targets around the world, cybersecurity company ESET said in a blog post on Wednesday.
The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange software.
The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers or move elsewhere in the network. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being made public daily.
Earlier on Wednesday, for example, Norway’s parliament announced data had been “extracted” in a breach linked to the Microsoft flaws. Germany’s cybersecurity watchdog agency also said on Wednesday two federal authorities had been affected by the hack, although it declined to identify them.
While Microsoft has issued fixes, the sluggish pace of many customers’ updates — which experts attribute in part to the complexity of Exchange’s architecture — means the field remains at least partially open to hackers of all stripes. The patches do not remove any back door access that has already been left on the machines.
In addition, some of the back doors left on compromised machines have passwords that are easily guessed, so that newcomers can take them over.
Microsoft declined comment on the pace of customers’ updates. In previous announcements pertaining to the flaws, the company has emphasized the importance of “patching all affected systems immediately.”
Although the hacking has appeared to be focused on cyber espionage, experts are concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.
ESET’s blog post said there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking into previously vulnerable Exchange servers to spread its malicious software.
ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break into targeted networks — several of which other researchers have tied to China. Microsoft has blamed the hack on China. The Chinese government denies any role.
Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.
Ben Read, a director with cybersecurity company FireEye Inc., said he could not confirm the exact details in the ESET post but said his company had also seen “multiple likely-China groups” using the Microsoft flaws in different waves.
ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyber espionage groups to have access to the same information before it is made public.
He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.
Taiwan-based researchers reported to Microsoft on Jan. 5 that they had found two new flaws which needed patching. Those two were among the flaws that attackers began using shortly before or after the researchers’ report.
They said they were investigating whether there had been a theft or leak on their side, since exploitation was discovered in the wild the same week. So far, the group, called Devcore, said it had found no evidence.
Top-flight hackers are also commonly targeted by other hackers. Just this week, Microsoft patched one of the flaws used by suspected North Koreans in attempts to steal information from Western researchers.
But simultaneous discovery happens fairly often, in part because researchers use the same or similar tools to hunt for serious flaws, and many eyes are looking at the same high-value targets.
“It is very likely that some actor groups may have been using these vulnerabilities and led to the result of the attacks being observed by other information security vendors,” Devcore member Bowen Hsu told Reuters.
But the security industry has been abuzz with other theories, including a hack of Microsoft’s systems for tracking bugs, which has happened in the past.

Kenya, Tanzania brace for cyclone as heavy rains persist


  • The two East African neighbors are still recovering from last week’s devastating floods
  • Kenya reported about 200 dead while Tanzania said at least 155 died in floods and landslides

NAIROBI: Kenya and Tanzania were bracing Thursday for a cyclone on the heels of torrential rains that have devastated East Africa, killing more than 350 people and forcing tens of thousands from their homes.

In addition to claiming 188 lives in Kenya since March, the floods have displaced 165,000 people, with 90 reported missing, the interior ministry said, as the government warned citizens to remain on alert.
“Crucially, the coastal region is likely to experience Cyclone Hidaya, which will result in heavy rainfall, large waves and strong winds that could affect marine activities in the Indian Ocean,” the office of Kenyan President William Ruto said.
Neighbouring Tanzania, where at least 155 people have been killed in flooding and landslides, is also expected to feel the force of Hidaya.
“The presence of Hidaya Cyclone... is expected to dominate and affect the weather patterns in the country including heavy rain and strong winds in some Regions near Indian Ocean,” Tanzania Red Cross Society said on X, formerly Twitter.
Kenya’s capital Nairobi is among the areas expected to suffer heavy rains over the next three days, the Kenya Meteorological Department said on X, warning of strong winds and large ocean waves along the country’s coastline.
The forecaster urged residents to be vigilant for flash floods and lightning strikes, adding that strong winds could “blow off roofs, uproot trees” and cause other damage.
The heavier than usual rains have also claimed at least 29 lives in Burundi, with 175 people injured, and tens of thousands displaced since September last year, the United Nations said.

Earlier this week Ruto announced he was deploying Kenya’s military to evacuate everyone living in flood-prone areas.

In a bulletin released Thursday evening, the interior ministry ordered anyone living close to major rivers or near 178 “filled up or near filled up dams or water reservoirs” to vacate the area within 24 hours, warning that they would otherwise face “mandatory evacuation for their safety.”
The devastation has also affected Kenya’s tourism sector — a key economic driver — with some 100 tourists marooned in the famed Maasai Mara wildlife reserve on Wednesday after a river overflowed, flooding lodges and safari camps.
Rescuers later managed to evacuate 90 people by ground and air, the interior ministry said.
The area is currently inaccessible with bridges washed away, Narok West sub-county administrator Stephen Nakola told AFP, adding that about 50 camps in the reserve have been affected, putting more than 500 locals temporarily out of work.
There are no fatalities but communities living around the area have been forced to move away.
“Accessing the Mara is now a nightmare and the people stuck there are really worried, they don’t have an exit route,” Nakola said, adding that waterborne diseases were likely to emerge.
“I am worried that the situation could get worse because the rains are still on.”
In the deadliest single incident in Kenya, dozens of villagers were killed when a dam burst on Monday near Mai Mahiu in the Rift Valley, about 60 kilometers (40 miles) north of Nairobi.
The interior ministry said 52 bodies had been recovered and 51 people were still missing after the dam disaster.

Opposition politicians and lobby groups have accused Ruto’s government of being unprepared and slow to respond to the crisis despite weather warnings.
“Kenya’s government has a human rights obligation to prevent foreseeable harm from climate change and extreme weather events and to protect people when a disaster strikes,” Human Rights Watch said Thursday.
The United States and Britain have issued travel warnings for Kenya, urging their nationals to be cautious amid the extreme weather.
The devastation has sparked an outpouring of condolences and pledges of solidarity from all over the world, including from Pope Francis and UN Secretary General Antonio Guterres.
The rains have been amplified by the El Nino weather pattern — a naturally occurring climate phenomenon typically associated with increased heat worldwide, leading to drought in some parts of the world and heavy downpours elsewhere.

UK’s foreign secretary supported arms sales to Israel days after British aid workers killed in Israeli strike

A World Central Kitchen vehicle destroyed in the Israeli airstrike in April 2024. (File/Reuters)
Updated 02 May 2024

  • Attack on World Central Kitchen convoy killed 7 people in total

LONDON: Britain’s foreign secretary recommended that the UK continue selling arms to Israel just days after an Israeli strike on a World Central Kitchen convoy killed three British aid workers.

David Cameron supported the continuation of arms sales two days after the strike on April 1, and the Secretary of State for Business and Trade Kemi Badenoch approved the decision on April 8, The Guardian reported on Thursday.

Cameron said earlier this week that the strike that killed the Britons, in addition to four aid workers of other nationalities, revealed systemic and personal failures by members of the Israel Defense Forces.

Cameron’s decision seems to have been based on an assessment of Israeli compliance with humanitarian law that did not cover the deaths of the aid workers due to a time lag in the government’s process for deciding if British arms exports were at risk of being used to commit war crimes.

There was a possibility that the business department’s assessment did not cover any incidents after Jan. 28.

An update on the handling of arms export licenses that took into consideration events up until the end of February was prepared, but the British Foreign Office has declined to say if that was included in the advice given to ministers.

Opposition Labour MPs claim the time delay means there is a possibility that no comprehensive ministerial-level assessment of Israel’s conduct of the war in Gaza has been made in the last three months.

Lawyers and campaigners who have examined the evidence provided by the Foreign Office have come to the same conclusion.

World Central Kitchen said on Monday it would resume operations in the Gaza Strip, a month after the Israeli airstrike.

Prior to halting operations, WCK had distributed more than 43 million meals in Gaza since October, representing by its own accounts 62 percent of all international nongovernmental aid.


NATO condemns Russian ‘malign activities’ on its territory

Updated 02 May 2024

  • The incidents “are part of an intensifying campaign of activities” Russia is carrying out across the Euro-Atlantic area
  • NATO allies “express their deep concern over Russia’s hybrid actions, which constitute a threat to allied security”

BRUSSELS: NATO on Thursday condemned Russian “malign activities” on its territory, saying actions like disinformation, sabotage, violence and cyber interference threatened the alliance’s security.
The incidents “are part of an intensifying campaign of activities” Russia is carrying out across the Euro-Atlantic area and NATO allies “express their deep concern over Russia’s hybrid actions, which constitute a threat to allied security,” NATO said in a statement.
Authorities in the Czech Republic, Estonia, Germany, Latvia, Lithuania, Poland and Britain have recently investigated and charged people in connection with “hostile state activity.”
NATO said allies would work together to deter and defend against the hybrid actions and that they would remain steadfast in supporting Ukraine as it struggles to fend off Russia’s invasion, now in its third year.
Last month, a 20-year-old British man was charged with masterminding an arson plot against a Ukrainian-linked target in London. Moscow’s ambassador Andrey Kelin dismissed claims of links to Russia as “absurd” and “unfounded.”
In late March, Czech authorities said they had busted a Moscow-financed network that spread Russian propaganda and wielded influence across Europe, including in the European Parliament.


Israeli private eye arrested in UK over alleged hacking for US PR firm

Updated 02 May 2024

  • An initial attempt to extradite Amit Forlit to the United States was thrown out by a judge at Westminster Magistrates’ Court on Thursday
  • Forlit was arrested under an Interpol red notice at London’s Heathrow Airport

LONDON: An Israeli private investigator wanted by the United States was arrested in London over allegations that he carried out a cyberespionage campaign on behalf of an unidentified American PR firm, a London court heard on Thursday.
An initial attempt to extradite Amit Forlit to the United States was thrown out by a judge at Westminster Magistrates’ Court on Thursday on a legal technicality.
Amy Labram, a lawyer representing the United States, had told the court that Forlit “is accused of engaging in a hack for hire scheme.”
Labram said that the US allegations include that an unnamed Washington-based PR and lobbying firm paid one of Forlit’s companies 16 million pounds ($20 million) “to gather intelligence relating to the Argentinian debt crisis.”
Forlit was arrested under an Interpol red notice at London’s Heathrow Airport as he was trying to board a flight to Israel, according to the US authorities.
Forlit is wanted in the US on three charges: one count of conspiracy to commit computer hacking, one count of conspiracy to commit wire fraud and one count of wire fraud.
A judge ruled that the attempt to extradite Forlit by the United States could not continue as he was not produced at court within the timeframe required under British extradition law.
“He was not produced at court as soon as practicable and the consequences of that ... he must – I have no discretion – he must be discharged,” Judge Michael Snow ruled.
Forlit and his lawyer did not immediately return messages seeking comment. The Federal Bureau of Investigation did not immediately return a message.
Forlit has separately been accused of computer hacking in New York by aviation executive Farhad Azima. Azima, whose emails were stolen and used against him in a 2020 trial in London, is suing Forlit and others in federal court in Manhattan.
Forlit has previously acknowledged retrieving Azima’s emails but has denied hacking, telling Reuters he innocently stumbled across the messages “on the web.”


Death toll jumps to at least 48 as a search continues in southern China highway collapse

Updated 02 May 2024

  • One side of four-lane highway in Meizhou city gave way after a month of heavy rains
  • Twenty-three vehicles fell down a steep slope, some sending up flames as they caught fire

BEIJING: The death toll from a collapsed highway in southeastern China climbed to 48 on Thursday as searchers dug for a second day through a treacherous and mountainous area.

One side of the four-lane highway in the city of Meizhou gave way about 2 a.m. on Wednesday after a month of heavy rains in Guangdong province. Twenty-three vehicles fell down a steep slope, some sending up flames as they caught fire. Construction cranes were used to lift out the burnt-out and mutilated vehicles.

Officials in Meizhou said three other people were unidentified, pending DNA testing. It wasn’t immediately clear if they had died, which would bring the death toll to 51. Another 30 people had non-life-threatening injuries.

The search was still ongoing, Meizhou city Mayor Wang Hui said at a late-afternoon news conference. No foreigners have been found among the victims, he said.

Search work has been hampered by rain and land and gravel sliding down the slope. The disaster left a curving earth-colored gash in the otherwise verdant forest landscape. Excavators dug out a wider area on the slope.

“Because some of the vehicles involved caught fire, the difficulty of the rescue operation has increased,” said Wen Yongdeng, the Communist Party secretary for the Meizhou emergency management bureau.

“Most of the vehicles were buried in soil during the collapse, with a large volume of soil covering them,” he said.

He added that the prolonged heavy rainfall has saturated soil in the area, “making it prone to secondary disasters during the rescue process.”

Over 56 centimeters (22 inches) of rain has fallen in the past four weeks in the county where the roadway collapsed, more than four times as much as last year. Some villages in Meizhou flooded in early April, and the city has seen more rain in recent days.

Parts of Guangdong province have seen record rains and flooding in the past two weeks, as well as hail. A tornado killed five people in Guangzhou, the provincial capital, during rain and hail storms last weekend.

The highway section collapsed on the first day of a five-day May Day holiday, when many Chinese are traveling at home and abroad.

Chinese leader Xi Jinping said that all of China’s regions should improve their monitoring and early warning measures and investigate any risks to ensure the safety of the public and social stability, state broadcaster CCTV said.