Special Report: Administration Reportedly Plans Retaliatory Cyber Strike Against Russia While Grappling With China's Microsoft Exchange Hack
Authorities still not sure of the magnitude of 'big F’ing deal' Chinese hack, No sign federal agencies affected by Hafnium, Microsoft issues update to scanners for detecting web shells, more
(This special report is a follow-up to a special report we issued on Saturday on issues surrounding the Microsoft Exchange breach.)
The U.S. government is planning a series of clandestine moves against Russian networks in a clear attempt to signal to the country’s President Vladimir Putin that the acts are in retaliation for the massive SolarWinds hacks of U.S. government and business networks, sources say. They also say that those actions will be combined with economic sanctions and an executive order from President Biden to accelerate the hardening of federal networks.
The U.S. action was spurred by Microsoft’s discovery of state-sponsored Chinese threat groups, the largest of which Microsoft dubbed Hafnium, which exploited flaws in the Office 365 email system. The White House issued a statement from the National Security Council saying that it “is undertaking a whole of government response to assess and address the impact” and that “this is an active threat still developing, and we urge network operators to take it very seriously.”
The new executive order will also scale back the so-called “defend forward” authority granted to U.S. Cyber Command by the Trump Administration, sources say. It will reportedly require the military arm to bring operations of significant size and scope to the White House, and allow the National Security Council to review or adjust those operations, before Cyber Command undertakes any proactive cyber responses to nation-state threats.
Officials say there is no sign that federal agencies or major defense contractors have been hacked in the campaign that researchers believe began as far back as January. Still, they fear it could spiral into a crisis crippling many small and midsize businesses and state and local government agencies — those least able to afford it. (David E. Sanger, Julian E. Barnes and Nicole Perlroth / New York Times)
James A. Lewis @james_a_lewis2021 U.S. Cyber Command Legal Conference (over 6000 viewers from 31 countries). Discussion of Defend Forward, use of coercion and threats against Russia and China. https://t.co/xBXRlut70r
Officials say, however, that there are no indications that federal agencies or defense contractors have been hacked in the Microsoft email server campaigns. But they are fearful that the crisis could spiral out of control with small businesses and government organizations that can least afford the costly clean-up. (Ellen Nakashima / Washington Post)
Even though journalist Brian Krebs reported that at least 30,000 organizations could be affected by the Microsoft email hack, government officials say the estimated extent of the exploitation appears to be changing hourly. The Chinese threat actor’s hack of Microsoft is the second major cybersecurity crisis to beset the new administration, which is still reeling from the SolarWinds breach. “Obviously, this is a big F’ing deal,” one source told Cyberscoop. (Sean Lyngaas / Cyberscoop)
Microsoft pushed out a new update for its Microsoft Safety Scanner (also known as the Microsoft Support Emergency Response Tool, MSERT) to detect web shells deployed in the recent Exchange Server attacks. Microsoft suggests organizations select the 'Full scan' option so that the entire server is scanned. (Lawrence Abrams / Bleeping Computer)
Related: ZDNet Security, Breaking Defense, CNN.com, BBC News, Reddit - cybersecurity, Bleeping Computer, Security Affairs, AppleInsider, ARN, MSPoweruser, FBI.gov, Techspot, Cloudflare, Cyberscoop, The Register - Security, Ars Technica, SC Magazine, SecurityWeek, US-CERT Current Activity, New York Times - Nicole Perlroth, Japan Times, Gadgets Now, Big News Network, Chinanews.net, New on MIT Technology Review, Marketwatch, Business Standard, New York Post, LA Daily News, CTV News, E Hacking News, The Times of Israel, Washington Post, IT Pro, South China Morning Post, Slashdot