A subsequent investigation revealed suspicious POST requests to legitimate resources on the Exchange servers, leading the researchers to suspect they had been backdoored. The attacks were initially spotted in January by researchers from security firm Volexity after observing unusual connections and data transfers to suspicious IP addresses from the Exchange servers of some of its customers. The group has targeted entities in the US including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs. Microsoft attributes the attacks to a Chinese APT group dubbed Hafnium that has a history of exploiting vulnerabilities in internet-facing servers and targeting Office 365 users. The flaws allow the extraction of mailbox contents and the installation of backdoors on vulnerable servers. When reached for comment, a Chinese government spokesperson said the country opposes cyber attacks and “will never encourage, support, or connive at” them.

Microsoft has released emergency patches for four previously unknown vulnerabilities in Exchange Server that a cyberespionage group was exploiting to break into organizations.

They don’t need to burn the most valuable, advanced tools on low-level campaigns.” “But this doesn’t necessarily need to be done by the most professional operators in China. “This strategy allows to outsource some of the lower-hanging fruit, the simple stuff that still needs to get done,” Condra says. Jiangsu Cimer did not respond to a request for comment. Now known as Jiangsu Cimer Information Security Technology Co., the company provides defensive and offensive cybersecurity products.
What’s more, an email address used to register several of RedAlpha’s malicious domains across multiple espionage campaigns has been connected to a Chinese company that works with numerous government-owned companies, as well as the People’s Liberation Army University of Science and Technology, an elite state-run institution focused on researching high-tech Chinese military capabilities.

The Green Army, in fact, is one of the most important groups in the history of Chinese hacking: an alliance of several thousand Chinese nationalist hackers who targeted foreign websites, the organization gave rise to some of the country’s most prominent hackers, and parts of the faction evolved into major private sector cybersecurity firms still active today.

Shared details on registration of malicious domains connect the group to an individual who once said he was a member of the Green Army, China’s first underground hacking group, dating back to 1997. Significant clues point to RedAlpha’s connections to important state groups. While it has hackers in its intelligence and military agencies, China has also reportedly used private contractors like RedAlpha to conduct cyber-espionage operations, according to multiple American indictments. The group also impersonated government agencies from India, Brazil, Vietnam, and Portugal.

China is widely considered to be one of the world’s most active and highly capable cyber powers, alongside the United States.
We wouldn’t see RedAlpha doing this over the course of three years if they weren’t getting something out of it from their targets.” (Multifactor authentication is a cybersecurity technology that prevents hackers from taking over an account even if they have stolen a password; it is widely recommended and relatively easy to implement, but is often pushed aside for other priorities.)

As tensions continue to increase between the United States and China over Taiwan, analysts say, the hackers were likely conducting espionage with the goal of producing political intelligence. “That’s even more true on the government side in countries that move slower, have tighter budgets, and have more institutional resistance to change.” “There are a lot of organizations that have not implemented multifactor authentication,” Condra adds.