Special Report: Administration Reportedly Plans Retaliatory Cyber Strike Against Russia While Grappling With China's Microsoft Exchange Hack

Authorities still not sure of the magnitude of 'big F’ing deal' Chinese hack, no sign federal agencies affected by Hafnium, Microsoft issues update to scanners for detecting web shells, more

(This special report is a follow-up to a special report we issued on Saturday on issues surrounding the Microsoft Exchange breach.)

The U.S. government is planning a series of clandestine moves against Russian networks in a clear attempt to signal to the country’s President Vladimir Putin that the acts are in retaliation for the massive SolarWinds hacks of U.S. government and business networks, sources say. They also say that those actions will be combined with economic sanctions and an executive order from President Biden to accelerate the hardening of federal networks.

The U.S. action was spurred by Microsoft’s discovery of state-sponsored Chinese threat groups, the largest dubbed Hafnium by Microsoft, which exploited flaws in the Office 365 email system. The White House issued a statement from the National Security Council saying that it “is undertaking a whole of government response to assess and address the impact” and that “this is an active threat still developing, and we urge network operators to take it very seriously.”

The new executive order will also scale back the so-called “defend forward” authority granted to U.S. Cyber Command by the Trump Administration, sources say. It will reportedly require the military arm to bring operations of significant size and scope to the White House and allow the National Security Council to review or adjust those operations before Cyber Command undertakes any proactive cyber responses to nation-state threats.

Officials say there is no sign that federal agencies or major defense contractors have been hacked in the campaign that researchers believe began as far back as January. Still, they fear it could spiral into a crisis crippling many small and midsize businesses and state and local government agencies — those least able to afford it. (David E. Sanger, Julian E. Barnes and Nicole Perlroth / New York Times)

Officials say, however, that there are no indications that federal agencies or defense contractors have been hacked in the Microsoft email server campaigns. But they are fearful that the crisis could spiral out of control with small businesses and government organizations that can least afford the costly clean-up. (Ellen Nakashima / Washington Post)

Even though journalist Brian Krebs reported that at least 30,000 organizations could be affected by the Microsoft email hack, government officials say the estimated amount of exploitation appears to be changing hourly. The Chinese threat actor hack of Microsoft is the second major cybersecurity crisis to beset the new administration, still reeling from the SolarWinds breach. “Obviously, this is a big F’ing deal,” one source told Cyberscoop. (Sean Lyngaas / Cyberscoop)

Microsoft pushed out a new update for its Microsoft Safety Scanner (also known as the Microsoft Support Emergency Response Tool, MSERT) to detect web shells deployed in the recent Exchange Server attacks. Microsoft suggests organizations select the 'Full scan' option to scan the entire server. (Lawrence Abrams / Bleeping Computer)

