Chinese hackers use Log4j exploit to go after academic institution

A Chinese hacking group known for industrial espionage and intelligence collection used a vulnerability in Log4j to go after a large academic institution, researchers at CrowdStrike revealed Wednesday. Threat analysts observed the group attempting to install malware after gaining access using a modified version of a Log4j exploit for VMWare Horizon, a virtual workspace technology. CrowdStrike also observed the Chinese hackers trying to harvest credentials for further exploitation. CrowdStrike analysts believe that the group behind the attack, which it is calling “Aquatic Panda,” has likely been active since at least May 2020. Its operations have primarily focused on targets in the telecommunications, technology and government sectors. “Because OverWatch disrupted the attack before AQUATIC PANDA could take action on their objectives, their exact intent is unknown,” Param Singh, vice president of CrowdStrike OverWatch, wrote to CyberScoop in an email. “This adversary, however, is known to use tools to maintain persistence in environments […]

The post Chinese hackers use Log4j exploit to go after academic institution appeared first on CyberScoop.

Continue reading Chinese hackers use Log4j exploit to go after academic institution

Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks

A fresh wave of attacks against Microsoft Exchange has government cybersecurity officials on guard for a possible repeat of the chaos hackers rendered earlier this year by exploiting a different vulnerabilities in the popular workplace mail server. The Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency issued an urgent warning Saturday that cybercriminals are actively exploiting months-old vulnerabilities in Microsoft’s ProxyShell. CISA recommended that customers update their systems using software patches that Microsoft released in May to address the vulnerabilities. National Security Agency Cybersecurity Director Rob Joyce also urged companies to patch against the vulnerabilities. Huntress Labs first reported the surge in attacks against unpatched Microsoft Exchange servers on Friday. Targeted organizations include “seafood processors, industrial machinery, auto repair shops, a small residential airport and more,”  Huntress Labs CEO Kyle Hanslovan tweeted. As of Sunday, the firm reported 164 total compromised servers. The trio of vulnerabilities can be used to […]

The post Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks appeared first on CyberScoop.

Continue reading Hackers seize severe Microsoft Exchange vulnerabilities in echo of widespread March attacks

Make Cyberattacks Like Hafnium Irrelevant

Recent statements issued by the United States, European Union, and the United Kingdom have accused China of conducting the cyberattack against Microsoft’s Exchange Servers. China continues to deny the claims, but officials identified Hafnium, (a … Continue reading Make Cyberattacks Like Hafnium Irrelevant

Nations come together to condemn China: APT31 and APT40

 On Monday (19JUL2021) President Biden announced that the US and its allies were joining together to condemn and expose that China was behind a set of unprecedented attacks exploiting vulnerabilities in Microsoft Exchange servers conducted earlier this… Continue reading Nations come together to condemn China: APT31 and APT40

White House Accuses China of Microsoft Exchange Attack

Russia may have drawn the lion’s share of scorn for a recent string of cyberattacks against U.S. and global interests, but the Biden administration and a bevy of allies and partners blame China for the assault on Microsoft’s email system. Noting… Continue reading White House Accuses China of Microsoft Exchange Attack

CISO Roundtable: Ransomware Attacks and the True Cost to Business

A recent global research report conducted by Cybereason, titled Ransomware: The True Cost to Business, revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, inc… Continue reading CISO Roundtable: Ransomware Attacks and the True Cost to Business

The Line in the Sand: How We Respond Today Impacts Our Security Tomorrow

In the past few months, we’ve faced massive attacks with SolarWinds and the HAFNIUM attacks targeting Microsoft Exchange, followed by the unprecedented ransomware attack by DarkSide that crippled US critical infrastructure. It is time to ask ourse… Continue reading The Line in the Sand: How We Respond Today Impacts Our Security Tomorrow

Ransomware Trends: Six Notable Ransomware Attacks from 2021

The security community witnessed triple-digit growth in the number of publicly disclosed ransomware incidents in 2020. As noted in a previous blog post on Five Things You Need to Know About Ransomware Attacks, ransomware attacks grew 715% in H1 20… Continue reading Ransomware Trends: Six Notable Ransomware Attacks from 2021

When a Ripple Becomes a Wave: Cyberattack Fallout

The exploitation of Microsoft Exchange Server made headlines earlier this year, sending security teams scrambling to patch their servers before malicious actors had a chance to compromise their system. According to Microsoft, they have attributed the … Continue reading When a Ripple Becomes a Wave: Cyberattack Fallout