The US is about to announce the attacker of the Microsoft Exchange server

Washington: US Deputy National Security Advisor for Cyber and Emerging Technologies Anne Neuberger said that the Biden administration will formally announce in the “coming weeks” who initiated the widespread Microsoft Exchange server hack that swept the country earlier this year. Country X is the number one suspect.

This will be the third in a series of high-profile cyber incidents that the government has had to deal with since taking office, the others being SolarWinds and Colonial Pipeline. In April last year, the US government officially blamed SolarWinds on the Russian Foreign Intelligence Service (SVR). That campaign began and was disclosed last year, but its impact has spread to this year. In May of this year, the FBI stated that the ransomware of the cybercrime group DarkSide was used in the Colonial Pipeline attack, but it is still unclear whether DarkSide or one of its affiliates carried out the hacking.

This attribution may further strain the relationship between the United States and Country X, which military and government officials have always referred to as a “rising threat” to the United States. Country X is the second largest economy in the world and the second largest trading partner of the United States (after the European Union). The United States is the largest trading partner of Country X. All these factors create a dynamic that is very different from the relationship between the United States and Russia.

As readers know, Microsoft disclosed the activity in March and issued out-of-band patches for four zero-day vulnerabilities that were used as part of a widespread cyber espionage campaign. At the time of disclosure, Microsoft said it was “highly confident” in attributing the initial activity to a previously unknown group called HAFNIUM in Country X. However, shortly after the disclosure, a range of attackers, including Country X, Russian and criminal threat actors, began to exploit the vulnerabilities in unpatched server software.

Neuberger stated in a virtual event hosted by Silverado Policy Accelerator that approximately 140,000 US organizations were attacked.

The attribution of the Exchange activity will also provide hints about the role of the first National Cyber Director in such incidents. A few weeks ago, Chris Inglis, a veteran of the National Security Agency, was confirmed to hold the position.

While Joe Biden was vice president, and continuing through the Trump administration, the scope and scale of Country X’s extensive cyber espionage activities gained more public recognition. Country X has carried out many high-profile hacking attacks on American targets, including health insurance giant Anthem, financial services company Equifax, and the U.S. Office of Personnel Management. These three hacking attacks led to the loss of Americans’ health, financial, and security clearance data.

Cyber espionage against U.S. intellectual property, including commercial and industrial information, resulted in “the largest transfer of wealth in history,” Gen. Keith Alexander, then head of Cyber Command and the US National Security Agency, said in 2012. The Intellectual Property Commission report, published in May 2013, found that Country X steals US$300 billion worth of US intellectual property every year, financially equivalent to all US exports to Asia at the time of publication.

Nevertheless, as readers of Breaking Defense know, the Microsoft Exchange cyber espionage campaign has triggered some high-profile incidents and left some unanswered questions. The main one is that threat actors seemed to know that Microsoft would disclose the activity in early March, and intensified their hacking in the first few days; in addition to HAFNIUM, other Country X groups were involved.

The government’s response led to an unprecedented (at least publicly known) action by the FBI, in which the law enforcement agency obtained a court’s permission to actively disrupt the network and patch the vulnerable Exchange servers of private entities without prior notice to those entities. The legal consequences may have important implications for how the government responds to future cyber incidents.

Now, the government must weigh how to respond to this campaign. At present, there are few details on the countermeasures the government is considering. The following is a safe assumption: if the President believes that the US response warrants some cyber element, Cyber Command will lead such operations with the assistance of the NSA.

Considering that the Internet in Country X is basically closed to most of the world, this task may be more complicated than most. However, if anyone can carry out such an operation, it is the only first-class cyber power in the world.
