At least 10 hacking groups using Microsoft software flaw — researchers

FireEye CEO Kevin Mandia gives a tour of the cybersecurity company's office in Reston, Virginia, on March 9, 2021. FireEye has confirmed seeing “multiple likely-China groups” using the Microsoft flaws in different waves. (AP Photo/Nathan Ellgren)
Updated 11 March 2021

  • The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage
  • Microsoft has blamed the hack on China. The Chinese government denies any role

WASHINGTON: At least 10 different hacking groups are using recently discovered flaws in Microsoft Corp’s mail server software to break in to targets around the world, cybersecurity company ESET said in a blog post on Wednesday.
The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange software.
The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers or move elsewhere in the network. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being made public daily.
Earlier on Wednesday, for example, Norway’s parliament announced data had been “extracted” in a breach linked to the Microsoft flaws. Germany’s cybersecurity watchdog agency also said on Wednesday two federal authorities had been affected by the hack, although it declined to identify them.
While Microsoft has issued fixes, the sluggish pace of many customers’ updates — which experts attribute in part to the complexity of Exchange’s architecture — means the field remains at least partially open to hackers of all stripes. The patches do not remove any back door access that has already been left on the machines.
In addition, some of the back doors left on compromised machines have passwords that are easily guessed, so that newcomers can take them over.
Microsoft declined comment on the pace of customers’ updates. In previous announcements pertaining to the flaws, the company has emphasized the importance of “patching all affected systems immediately.”
Although the hacking has appeared to be focused on cyber espionage, experts are concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.
ESET’s blog post said there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking in to previously vulnerable Exchange servers to spread its malicious software.
ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break in to targeted networks — several of which other researchers have tied to China. Microsoft has blamed the hack on China. The Chinese government denies any role.
Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.
Ben Read, a director with cybersecurity company FireEye Inc., said he could not confirm the exact details in the ESET post but said his company had also seen “multiple likely-China groups” using the Microsoft flaws in different waves.
ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyber espionage groups to have access to the same information before it is made public.
He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.
Taiwan-based researchers reported to Microsoft on Jan. 5 that they had found two new flaws which need patching. Those two were among those that began being used by the attackers shortly before or after the friendly report.
They said they were investigating whether there had been a theft or leak on their side, since exploitation was discovered in the wild later the same week. So far, the group called Devcore said, they had found no evidence.
Top-flight hackers are also commonly targeted by other hackers. Just this week, Microsoft patched one of the flaws used by suspected North Koreans in attempts to steal information from Western researchers.
But simultaneous discovery happens fairly often, in part because researchers use the same or similar tools to hunt for serious flaws, and many eyes are looking at the same high-value targets.
“It is very likely that some actor groups may have been using these vulnerabilities and led to the result of the attacks being observed by other information security vendors,” Devcore member Bowen Hsu told Reuters.
But the security industry has been abuzz with other theories, including a hack of Microsoft’s systems for tracking bugs, which has happened in the past.

 

 


Sputnik V shows higher omicron-antibody levels than Pfizer in preliminary study

MOSCOW: A small preliminary laboratory study has shown that levels of omicron-neutralising antibodies of people vaccinated with Russia’s Sputnik V vaccine did not decline as much as of those who had Pfizer shots.
The joint Russian-Italian study — funded by the Russian Direct Investment Fund, which markets Sputnik V abroad — compared the blood serum of people who had received the different vaccines.
Researchers said samples taken three to six months after the second dose of a vaccine have shown that the levels of antibodies in recipients of two doses of Sputnik V were more resistant to omicron than in those vaccinated with Pfizer.
It included 51 people vaccinated with Sputnik V and 17 after two shots of the Pfizer vaccine.
“Today the necessity of third booster vaccination is obvious,” the preliminary study published on Jan. 19 said.
The preliminary study, which will seek certification by peer review, showed that omicron-specific neutralizing antibodies were detected in the blood serum of 74.2 percent of the people vaccinated with Sputnik and in 56.9 percent of those vaccinated with Pfizer/BioNTech.
An earlier preliminary study by the Gamaleya Institute, the developer of Sputnik V, showed that a booster shot of Sputnik Light vaccine provided a stronger antibody response against omicron than the two-dose Sputnik V vaccine alone.
Omicron has pushed COVID-19 case figures to record highs in parts of western Europe and the United States. But the variant has only now begun to hit Russia, where the daily nationwide new infections spiked to 38,850 on Tuesday from 33,899 the day before.
Russia has so far officially recorded more than 1,600 cases of the variant and has mobilized its health system to tackle an increase in cases but authorities said they realized that there are many more cases related to omicron.

French parliament denounces China's Uyghur 'genocide'

Updated 20 January 2022

  • The non-binding resolution was proposed by the opposition Socialists in the lower house of parliament
  • It reads that the National Assembly "officially recognises the violence perpetrated by the People's Republic of China against the Uyghurs as constituting crimes against humanity and genocide"

PARIS: France's parliament on Thursday denounced a "genocide" by China against its Uyghur Muslim population, in a resolution that risks straining ties between Paris and Beijing two weeks before the Winter Olympics.
The non-binding resolution, adopted with 169 votes in favour and just one against, was proposed by the opposition Socialists in the lower house of parliament but also backed by President Emmanuel Macron's Republic on the Move (LREM) party.
It reads that the National Assembly "officially recognises the violence perpetrated by the People's Republic of China against the Uyghurs as constituting crimes against humanity and genocide".
It also calls on the French government to undertake "the necessary measures within the international community and in its foreign policy towards the People's Republic of China" to protect the minority group in the Xinjiang region.
"China is a great power. We love the Chinese people. But we refuse to submit to propaganda from a regime that is banking on our cowardice and our avarice to perpetrate a genocide in plain sight," Socialist party chief Olivier Faure said.
He recounted testimony to parliament from Uyghur survivors who told of conditions inside internment camps where men and women were unable to lie down in cells, subjected to rape and torture, as well as forced organ transplants.
French MPs were also called to applaud Uyghur refugees who had been invited to observe the parliamentary session.
The resolution follows a similar move in Britain in April last year which led to condemnation from China.
The Netherlands and Canadian parliaments both called Chinese treatment of the Uyghurs "genocide" in February 2021, while the US government also called it genocide under former president Donald Trump.
The United States, Britain, Australia and Canada have announced diplomatic boycotts of the Beijing Winter Olympics, which start on February 4.
China denies genocide or the existence of forced labour camps in Xinjiang and has accused Uyghurs testifying overseas about conditions inside the northwestern region of being paid liars.
The French parliamentary resolution comes at a time when the European Union is weighing how to respond to a Chinese blockade of Lithuania's exports, as well as Beijing's crushing of democratic freedoms in Hong Kong.
French President Emmanuel Macron, who has sought to avoid being dragged into increasingly confrontational ties between China and the United States, was asked about the Uyghurs during an appearance before the European parliament on Wednesday.
"You were right to remind us of massacres, massive deportations and forced labour," he told campaigning MEP Raphael Glucksmann.
"France raises this in a very clear fashion in all of our bilateral talks (with Beijing)."
He said he was in favour of an EU regulation that would "ban the import of goods that result from forced labour."
Speaking in parliament on Thursday to represent the government, Trade Minister Franck Riester referred to "systematic violence" and "overwhelming testimonies" from Uyghurs, but said that terming their treatment genocide was a formal decision taken by international institutions.
Beijing has turned down repeated requests from the UN High Commission for Human Rights to visit the region to investigate.
Human rights groups say they have found evidence of mass detentions, forced labour, political indoctrination, torture and forced sterilisation in Xinjiang.
After initially denying the existence of the Xinjiang camps, China later defended them as vocational training centres aimed at reducing the appeal of Islamic extremism.
The United States has slapped sanctions on a growing list of Chinese politicians and companies over the treatment of the Uyghurs, leading to tit-for-tat measures from Beijing.
China has also sanctioned European, British and US lawmakers, as well as academics who study Xinjiang and a London law firm.
The only French MP to vote against Thursday's resolution was Buon Tan from Macron's LREM, the chairman of a Franco-Chinese "friendship group".


At least two dead, 22 wounded by bomb in Pakistan’s Lahore

Updated 20 January 2022

  • The attack was claimed on Twitter by a spokesman for the Baloch Nationalist Army
  • Officials said a nine-year-old child was one of those killed

LAHORE: At least two people were killed and 22 wounded Thursday by a bomb blast in a busy shopping district of the Pakistani megacity of Lahore, police and officials said.
The attack was claimed on Twitter by a spokesman for the Baloch Nationalist Army, one of several ethnic separatist groups that have been waging an insurgency for years in southwest Pakistan.
“Initial investigations show that it was a time-controlled device on a motorbike which was the cause of the blast,” Rana Arif, spokesman for Lahore police, told AFP.
Thursday’s blast happened in old Lahore’s busy Anarkali shopping district, damaging several motorbikes and upturning market stalls.
Officials said a nine-year-old child was one of those killed.
Pakistani Prime Minister Imran Khan expressed regret over the “loss of precious human lives,” a spokesman for his office said.
On Twitter, a spokesman for the Baloch Nationalist Army said it was responsible.
“This attack targeted bank employees. A detailed statement will be issued soon,” the tweet said.
Mineral-rich Balochistan, bordering Afghanistan and Iran, is the largest of Pakistan’s four provinces, but its roughly seven million inhabitants have long complained they do not receive a fair share of its gas and mineral wealth.
China is investing in the area under a $54-billion project known as the China-Pakistan Economic Corridor (CPEC), upgrading infrastructure, power and transport links between its far-western Xinjiang region and Pakistan’s Gwadar port.
Baloch separatists previously claimed several attacks on CPEC projects, and thousands of Pakistani security personnel are deployed in the region to counter the violence.
Pakistan has suffered a string of blasts and attacks against police since December, when a truce between the government and Pakistan’s Taliban lapsed.
Tehreek-e-Taliban Pakistan (TTP) — a home-grown movement that shares common roots with the Afghan Taliban — has claimed responsibility for most recent attacks.
The TTP said earlier this week it was responsible for a deadly shootout in Islamabad on Monday night — a rare attack by the militants in the heavily guarded capital.
A police officer was killed and two others injured when two TTP gunmen opened fire from a motorbike on a police checkpoint.
Police said both attackers were killed, and Pakistan’s interior minister warned afterwards of the potential for further violence.
Pakistan’s government announced late last year it had entered a month-long truce with the TTP, facilitated by Afghanistan’s Taliban, but that expired on December 9 after peace talks failed to make progress.
The TTP has been blamed for hundreds of suicide bomb attacks and kidnappings across the country, and for a while held sway over vast tracts of the nation’s rugged tribal belt, imposing a radical version of Islamic law.
But after the 2014 massacre of nearly 150 children at a Peshawar school, the Pakistan military sent huge numbers of troops into TTP strongholds and crushed the movement, forcing its fighters to retreat to Afghanistan.


UK police arrest 2 men over Texas synagogue hostage-taking

Updated 20 January 2022

LONDON: British police said Thursday they have arrested two people in connection with a hostage-taking at a synagogue in Texas.
Counter Terrorism Police North West said one man was arrested Thursday in Birmingham, central England, and another in the northern English city of Manchester. They are being held for questioning and have not yet been charged.
The force said it was continuing to support US authorities with their investigation into Saturday’s hostage incident. Malik Faisal Akram, a 44-year-old British citizen, took four people hostage at a Texas synagogue in a 10-hour standoff that ended in his death. All four hostages were unharmed.
Police did not disclose details about the two people detained Thursday. British police do not release names and details of detainees until they are charged.
On Sunday, police arrested British teenagers in Manchester as part of the investigation. They were later released without charge.
Akram was from Blackburn, an industrial city in northwest England. His family said he had been “suffering from mental health issues.”
Akram entered the United States on a tourist visa about two weeks earlier and spent time in Dallas-area homeless shelters before the attack at Congregation Beth Israel, in the suburb of Colleyville.
The FBI has called the incident “a terrorism-related matter” targeting the Jewish community.
British media, including the Guardian and the BBC, have reported that Akram was investigated by the domestic intelligence service MI5 as a possible “terrorist threat” in 2020, but authorities concluded he posed no danger, and the investigation was closed.
The White House said Tuesday that Akram had been checked against US law enforcement databases before entering the country but raised no red flags.


Indian court jails man in first conviction over 2020 Delhi riots

Updated 20 January 2022

  • Riots followed months of protests against a citizenship law that critics say discriminates against the Muslim minority
  • More than 50 people, most of them Muslims, were killed in the worst such violence in the Indian capital in decades

NEW DELHI: An Indian court on Thursday jailed a man for five years in the first conviction over religious riots in New Delhi in 2020, when more than 50 people, most of them Muslims, were killed.

The riots, the worst such violence in the capital in decades, followed months of protests against a citizenship law that critics say discriminates against the Muslim minority in the mostly Hindu country.

Prosecutors and witnesses said Dinesh Yadav was part of a mob of up to 200 mostly Hindu rioters who vandalized and set fire to the house of a woman named Manori, New Delhi’s Karkardooma Court heard last month.

Yadav’s lawyer, Shikha Garg, said that apart from the jail term, the court on Thursday also ordered him to pay a fine of 12,000 rupees ($161).

“We will file an appeal before a higher court,” Garg told Reuters.

Prime Minister Narendra Modi’s administration, which draws its support mainly from the majority community, changed the citizenship law in 2019 to expedite citizenship for persecuted Hindus, Parsis, Sikhs, Buddhists, Jains and Christians who arrived in India before Dec. 31, 2014, from Muslim-majority Afghanistan, Bangladesh and Pakistan.

Many Muslims in India have opposed the exclusion of their community. There are an estimated 200 million Muslims in India out of a population of 1.35 billion — the biggest Muslim minority in the world.