In a March 2021 press release carrying a statement by Tom Burt, Corporate Vice President, Customer Security & Trust, Microsoft disclosed an active hack by a Chinese government-backed Advanced Persistent Threat (APT) group known as Hafnium that is specifically targeting on-premises Microsoft Exchange servers (no cloud servers have been targeted so far). The servers being targeted run Exchange 2013, 2016, and 2019, and they are being exploited through four zero-day vulnerabilities. It is believed that the attacks began in January 2021 but were only announced to the public in March. Microsoft and the US Cybersecurity and Infrastructure Security Agency (CISA) have issued directives to all users of these Microsoft Exchange servers to install the emergency patches that have been made available to close the zero-day vulnerabilities.
These attacks, along with many others such as the recent "Sunburst" (a.k.a. "SolarWinds Hack") campaign, show a growing effort by nation-state-sponsored hacking groups to level a global power struggle that has traditionally been dominated by military might. Hafnium, prior to this attack, was a tracked APT but had rarely been discussed openly outside the cybersecurity realm; as such, the group had not been assigned an APT number of the kind Mandiant uses for well-known threats, and Microsoft tracks it under its own naming scheme instead. However, the group has now made an impact that has gained it notoriety on a global scale. The tactics Hafnium used in these 2021 attacks show how advanced the group is, which leads authorities such as Microsoft to classify it as a nation-state threat actor. It is not known at this time how long the group has been active, and previous attacks have not been widely publicized. Microsoft's statement describes the group as follows: "Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States." The targets of the group have been organizations' on-premises Microsoft Exchange email servers: the vulnerabilities used are specific to Exchange servers run inside an organization's own infrastructure (including the on-premises servers of a hybrid deployment), not to Exchange Online, which limits the scope of the attack but is still a major concern for organizations of any scale that run on-premises Exchange.
Because the vulnerabilities have been recorded and added to the MITRE Corporation's Common Vulnerabilities and Exposures (CVE) list as of February, they are now out in the open for anyone to use. A CVE entry describes a flaw rather than supplying an exploit, but once the advisory and the patches are public other attackers can reconstruct the exploit from them, and public proof-of-concept code followed soon after the disclosure. This means that these attacks could have a devastating domino effect while Exchange servers remain unprotected by the now-available updates. The list includes: a Server-Side Request Forgery (SSRF), CVE-2021-26855, which lets an unauthenticated attacker send requests that authenticate as the Exchange server itself; an insecure deserialization flaw in the Unified Messaging service, CVE-2021-26857; and two post-authentication arbitrary file write vulnerabilities, CVE-2021-26858 and CVE-2021-27065. "Post-authentication" is little comfort here, because the SSRF supplies the authentication: chained together, the flaws let an attacker write a web shell to the server without valid credentials. When these attacks were first propagated, they were deliberate and well hidden, with the Hafnium group able to exfiltrate entire email inboxes with little to no detection. Now that the group and its activities have been outed, the attacks have become less covert as Hafnium and other bad actors scramble to grab as much data as they can before the window of opportunity closes as the updates disseminate. Installing the updates closes the vulnerabilities but does not remove web shells or accounts an attacker has already planted, so a server that was exposed before patching still has to be checked for compromise. As the battlefield of cyber warfare continues to take shape, it is clear that China has decided that this is the realm in which it is most likely to level the playing field with the other global superpowers. While the United States continues to maintain military superiority with its massive defense budget of over $600 billion, China has very rapidly invested much of its resources in funding the wide array of hacker groups within its borders. The low cost of funding these hacker groups, combined with the high rate of return on the secrets stolen, primarily from the United States, has made this a highly profitable enterprise for the nation state.
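The following PowerShell is an added example, not code from this page or from Microsoft, of the post-exposure check an Exchange administrator would want after the campaign described above. It encodes two of the log-based indicators Microsoft published for these CVEs: HttpProxy log records with an empty AuthenticatedUser and an AnchorMailbox beginning with `ServerInfo~` (the CVE-2021-26855 SSRF), and ECP server log lines containing a `Set-*VirtualDirectory` call (the route to the CVE-2021-26858/27065 file writes), plus a sweep for recently created .aspx files in the directories where the web shells were dropped. The function names and the embedded sample records are assumptions; the samples are constructed and simplified so the script runs offline, and on a real server the files under `%PROGRAMFILES%\Microsoft\Exchange Server\V15\Logging\` should be read in their place.

```powershell
# Added example (not from the page or from Microsoft): hunting for the log
# indicators Microsoft published for the four Exchange CVEs discussed above.
# All function names and the sample records are assumptions for illustration.

function Find-SsrfAnchorMailbox {
    # CVE-2021-26855 (SSRF): proxied requests whose AnchorMailbox has the form
    # "ServerInfo~<backend>/<path>" but carry no authenticated user. Legitimate
    # client traffic through the front end populates AuthenticatedUser.
    param([Parameter(Mandatory)] [object[]] $HttpProxyRecords)

    $HttpProxyRecords |
        Where-Object {
            [string]::IsNullOrEmpty($_.AuthenticatedUser) -and
            $_.AnchorMailbox -like 'ServerInfo~*/*'
        } |
        Select-Object DateTime, ClientIpAddress, UrlStem, AnchorMailbox
}

function Find-VirtualDirectoryWrites {
    # CVE-2021-26858 / CVE-2021-27065 (post-auth file write): the write was
    # reached through Set-*VirtualDirectory cmdlets, e.g. pointing an OAB
    # virtual directory's ExternalUrl at script content that was then saved
    # to disk as a web shell. The ECP server log records every such call.
    param([Parameter(Mandatory)] [string[]] $EcpServerLogLines)

    $EcpServerLogLines | Where-Object { $_ -match 'Set-.+VirtualDirectory' }
}

function Find-RecentAspxFiles {
    # Web shells from this campaign were dropped as .aspx files under the
    # paths below. Not exercised by the sample run; point it at a real server.
    param(
        [datetime] $Since = (Get-Date).AddDays(-60),
        [string[]] $Path = @(
            "$env:SystemDrive\inetpub\wwwroot\aspnet_client",
            "$env:ProgramFiles\Microsoft\Exchange Server\V15\FrontEnd\HttpProxy\owa\auth"
        )
    )

    Get-ChildItem -Path $Path -Filter '*.aspx' -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.CreationTime -ge $Since } |
        Select-Object FullName, CreationTime, Length
}

# Constructed, simplified sample data (real logs carry many more columns and a
# "#Fields:" preamble). The second HttpProxy record mimics the SSRF pattern.
$sampleHttpProxyCsv = @'
DateTime,ClientIpAddress,UrlStem,AnchorMailbox,AuthenticatedUser
2021-03-01T10:00:00.000Z,10.0.0.25,/owa/,alice@example.com,EXAMPLE\alice
2021-03-01T10:01:12.000Z,203.0.113.7,/ecp/y.js,ServerInfo~a]@exch01.example.com:444/autodiscover/autodiscover.xml?#,
2021-03-01T10:02:30.000Z,10.0.0.31,/ews/exchange.asmx,bob@example.com,EXAMPLE\bob
'@

$sampleEcpServerLog = @'
2021-03-01T10:05:44.120Z,S:Cmd=Get-OabVirtualDirectory,S:Result=Success
2021-03-01T10:05:51.870Z,S:Cmd=Set-OabVirtualDirectory,S:Param=ExternalUrl,S:Result=Success
2021-03-01T10:06:02.004Z,S:Cmd=Get-Mailbox,S:Result=Success
'@

$ssrfHits  = @(Find-SsrfAnchorMailbox -HttpProxyRecords ($sampleHttpProxyCsv | ConvertFrom-Csv))
$writeHits = @(Find-VirtualDirectoryWrites -EcpServerLogLines ($sampleEcpServerLog -split "`r?`n"))

"Unauthenticated ServerInfo~ anchors: $($ssrfHits.Count)"
$ssrfHits | Format-Table -AutoSize
"Set-*VirtualDirectory calls in ECP log: $($writeHits.Count)"
$writeHits

# Any hit means the server should be treated as compromised: preserve the logs
# and file-system evidence first, then patch, rather than patching and moving on.
```

On the constructed sample the script flags the second HttpProxy record (empty AuthenticatedUser, `ServerInfo~` anchor from an external address) and the `Set-OabVirtualDirectory` line; the other records are ordinary authenticated traffic. The checks are deliberately conservative string matches rather than a signature of one specific exploit, since the same logs also show follow-on activity by other actors who adopted the technique after disclosure.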