Amazon takes NSO Group infrastructure offline

Amazon Web Services (AWS) has closed all accounts linked to the NSO Group. The Israeli company used Amazon’s CloudFront to distribute its Pegasus spy software. In response, Jeff Bezos’ company decided to take the company’s entire infrastructure on AWS offline.

A partnership of seventeen news organizations, human rights organization Amnesty International and the journalistic platform Forbidden Stories announced on Monday that they had obtained a list of 50,000 telephone numbers. According to the researchers, these were potential victims whose communications were or could be tapped between 2016 and June 2021.

The list contained no names. Still, reporters managed to identify the owners of more than a thousand numbers. They say the list includes many prominent figures from the business world, human rights activists, politicians and dignitaries. In addition, at least 189 journalists are on it. They write for media outlets such as CNN, Associated Press (AP), The Wall Street Journal, The New York Times, The Financial Times, Bloomberg and Al Jazeera.

Pegasus, the surveillance software developed by the NSO Group, was allegedly used to eavesdrop on the people on the list. The spyware collects text messages, emails, photos, videos, location data and contacts. Pegasus can also silently record phone calls, take screenshots and turn on the camera and microphone.

Amnesty International’s Security Lab investigated the NSO Group’s espionage program. Its forensic investigation found that at least 67 smartphones had been infected with Pegasus, and that at least 37 journalists and human rights activists had been hacked so that they could be eavesdropped on. To distribute the surveillance software, the NSO Group used Amazon Web Services’ CloudFront, a content delivery network (CDN) that lets AWS customers deliver their content (in this case Pegasus) to end users faster.

This prompted Amazon to shut down all of the NSO Group’s accounts. “Once we learned of these activities, we acted quickly to shut down the relevant infrastructure and accounts,” an Amazon spokesperson told Motherboard in an email. According to Amazon, the NSO Group violated Amazon Web Services’ terms of use by distributing Pegasus in this way.

Motherboard notes that it is striking that Amazon is only now taking action against the NSO Group. In May 2020, Motherboard published evidence that the Israeli company was distributing its spyware through Amazon’s infrastructure. At the time, the online retailer and cloud provider did not intervene.

Losing its AWS accounts does not mean that the NSO Group can no longer distribute its eavesdropping program. Research by Amnesty International has shown that the company already uses the infrastructure and services of other providers, including DigitalOcean, OVH and Linode.

The NSO Group has been under fire for years because of the wiretapping program. The company says it only sells its software to security services and vetted governments to track down terrorists and cybercriminals and to guarantee national security. Many journalists, lawyers and human rights activists do not believe this account. The company has therefore been sued more than once in the past, so far without success.

The NSO Group strongly denies that it sells its software to criminals, or that its software is used to intimidate, arrest or even murder journalists and human rights activists. A link between the murdered Saudi Arabian journalist Jamal Khashoggi and Pegasus has been suggested more than once. The NSO Group firmly distances itself from that.

“Our technologies are used daily to take down paedophile and drug and sex trafficker networks, locate missing and abducted children, locate survivors trapped under collapsed buildings and protect the airspace from disruptive penetration by dangerous drones,” the NSO Group wrote in a press statement earlier this week. The company says it is considering taking legal action.

Meanwhile, United Nations (UN) High Commissioner for Human Rights Michelle Bachelet is calling on governments to stop using Pegasus. “The revelations about the apparently widespread use of the Pegasus software to spy on journalists, human rights defenders, politicians and others in various countries are extremely alarming. They seem to confirm some of our worst nightmares about the potential misuse of surveillance technology to illegally undermine people’s human rights,” Bachelet said. Ursula von der Leyen, president of the European Commission, called the use of the spy software “completely unacceptable”.

Catch up on more articles here

Follow us on Twitter here

China denies hacking attacks via Exchange Server

China strongly denies ordering cyber-attacks through vulnerabilities in Microsoft Exchange Server. A spokesman for China’s foreign ministry said the allegations were “made up” for political purposes and that there is insufficient evidence to name China as the instigator.

The case revolves around four zero-day vulnerabilities in Microsoft Exchange Server that Microsoft disclosed in March. Businesses and organizations use Exchange Server to send and receive email. Because emails often carry attachments with sensitive information and the addresses of many contacts, an Exchange server processes a great deal of sensitive data: information you do not want to end up in the wrong hands.

Hackers abused the vulnerabilities found to steal confidential business and personal data. In addition, they backdoored companies and organizations that worked with Exchange Server. This allowed the attackers to penetrate their victims’ computer systems at any time to steal data or install ransomware or other malware.

As soon as Microsoft learned of the vulnerabilities, the American hardware and software company worked on a fix. Many system administrators managed to patch their servers in time. For others, the patch came too late: tens of thousands of organizations worldwide had already been compromised through the zero-day exploits, including dozens of Dutch companies.

For a long time, it was suspected that Chinese state hackers were behind the attacks. On Monday, an international coalition officially accused the communist country of ordering state hackers to attack companies and organizations worldwide and obtain sensitive data. The coalition consisted of the EU, US, NATO, Canada, Australia, New Zealand, Japan and the United Kingdom.

The EU wrote in a press statement that China’s hacking attacks have “undermined the security and integrity of thousands of computers and networks worldwide”. The aim, according to European politicians, was to steal as much intellectual property and as many trade secrets as possible and to conduct corporate espionage. The EU opts for diplomacy and says it will continue to urge China not to ‘use their territory for malicious cyber activities’.

The US opted for a tougher stance. The government said cyberattacks by Chinese state hackers have caused billions of dollars in damage to the US economy and society. The Justice Department on Monday charged four hackers with close ties to the Chinese Ministry of State Security. The suspects allegedly tried to hack companies for years. Their targets included the aviation, maritime and defence industries and the education and healthcare sectors.

These allegations did not exactly go down well in China. Zhao Lijian, a spokesman for the Chinese Ministry of Foreign Affairs, says that the insinuations have been “made up” for political reasons. “China will not accept this. We do not engage in cyber attacks. The technical details provided by the US government do not constitute a complete chain of evidence,” he told a news conference in Beijing. Liu Pengyu, a spokesman for the Chinese embassy in Washington, said the allegations against China are “irresponsible.”

The Chinese ambassador to Australia, in turn, says the US is a ‘world champion’ when it comes to espionage. He is referring to a Danish report showing that America secretly eavesdropped on European allies for years, including German Chancellor Angela Merkel, then Foreign Minister Frank-Walter Steinmeier and SPD opposition leader Peer Steinbrück. The NSA and the Danish intelligence service FE reportedly agreed in 2008 to tap Danish internet cables. The American intelligence service used the same method to wiretap neighbouring countries, including Poland, France, Norway, Sweden and the Netherlands.

Ransomware attack knocks out train ticket machines in northern England

No customer or payment data has been compromised.

Ticket machines of the British state-owned railway company Northern Trains were disabled in a suspected ransomware attack.

As reported by the Reuters news agency, only the servers associated with the ticket machines were affected by the incident.

“We are currently investigating with our vendor, but there are indications that the devices have been cyberattacked using ransomware,” the company said in a statement.

Northern Trains representatives assured that no customer or payment data was compromised.

Edward Snowden calls for a ban on the spyware trade

According to Snowden, if nothing is done, no cell phone will be safe from government hackers.

Governments must impose a global moratorium on the international trade in espionage software, or no mobile phone will be safe from government-sponsored hackers, former US intelligence contractor Edward Snowden said in an interview with Britain’s The Guardian.

He was commenting on the recent journalistic investigation into the use of the spyware Pegasus and the activities of its developer, the Israeli company NSO Group.

Pegasus collects data from infected mobile phones, including the content of emails, text messages, contact lists, location data, photos and videos, and can also activate the microphone and camera on the device for covert recording. The program exploits zero-day vulnerabilities in iOS and Android to install itself covertly on smartphones and retrieve information remotely. For example, on iOS 14.6 Pegasus can be installed remotely via iMessage without the target tapping any link (a zero-click attack).

As part of the investigation, experts from the French NGO Forbidden Stories and the human rights organization Amnesty International analyzed a list of 50,000 phone numbers believed to belong to persons of interest to NSO Group customers and found dozens of successful Pegasus spyware infections.

The NSO Group itself states that it takes ethical considerations into account and sells its software only to verified customers. In addition, the company is subject to the export control regulations of Israel, Cyprus and Bulgaria. The manufacturer also stressed that it has no information on how its customers use the Pegasus.

Snowden said the new investigation illustrates how commercial malware allows oppressive regimes to spy on large numbers of people.

“If they can do the same thing from a distance with little cost and without risk, they will start doing it all the time with everyone who is of any interest,” Snowden said. “If nothing is done to stop the sale of this technology, the number will turn out to be not 50 thousand, but 50 million goals, and this will happen much earlier than we expect.”

EU and US hold China responsible for cyber attacks via Exchange Server

The European Union and the United States say Chinese state hackers carried out cyber attacks by exploiting vulnerabilities in Microsoft Exchange Server and in doing so caused serious damage to the economy, democracy and society. They say they are doing everything they can, together with international partners, to fight malicious behaviour in cyberspace.

The EU and the White House reported this in a press statement.

In March, Microsoft announced that Microsoft Exchange Server contained four dangerous zero-day vulnerabilities. Companies and organizations use Exchange Server to send and receive email, so those servers also hold attachments and contact lists. A large number of companies and agencies store a variety of competitively sensitive information on these servers.

The vulnerabilities found were actively exploited by hackers and cybercriminals to steal confidential information. In addition, this allowed them to install a so-called backdoor so that they could access the internal computer systems of their victims at all times. They could then not only steal company and privacy-sensitive data at any time but also install ransomware or other malware and commit corporate espionage.

In early March, Microsoft rolled out a security update to close the zero days, and many system administrators managed to patch their Exchange servers in time. For many, the update was a godsend, but for some it came too late. Tens of thousands of organizations worldwide fell victim to the attackers, including dozens of Dutch companies.

Microsoft’s investigation revealed that Chinese state hackers actively abused the zero-day exploits to compromise victims. According to the American hardware and software company, the group HAFNIUM was responsible.

For the first time since the attacks came to light, an international coalition says the People’s Republic of China is responsible for “irresponsible and destabilizing behaviour in cyberspace”. According to the coalition, that behaviour has had a significant impact on the security, economy, democracy and society of the US, the EU, the UK, NATO and other international partners, including Canada, Australia, New Zealand and Japan.

“The compromise and exploitation of the Microsoft Exchange Server undermined the security and integrity of thousands of computers and networks worldwide,” the EU said in a statement. Some attacks have targeted government institutions and political organizations in the EU Member States, as well as key European industries. According to the EU, the attacks were carried out by the hacker groups APT40 and APT31 and can be traced back to mainland China. The goal was to steal as much intellectual property and trade secrets as possible and to commit espionage.

The EU says it will continue to urge China not to allow “their territory to be used for malicious cyber activities”. It also promises to take ‘appropriate measures’ and to deploy all available resources to track down and deal with the perpetrators. “We will continue to enhance our cooperation, including with international partners and other public and private stakeholders, by increasing the exchange of information and maintaining diplomatic contacts, by strengthening cooperation on cyber resilience and incident handling, as well as joint efforts to improve the overall security of software and its supply chains.”

The US government is taking a tougher stance. According to the White House, China hires criminal hackers to carry out cyberattacks worldwide. The hackers are employed by the Chinese Ministry of State Security and in that capacity have carried out ransomware attacks and engaged in cryptojacking and extortion, all for their own financial gain.

“The PRC’s reluctance to tackle criminal activity by contract hackers is hurting governments, businesses and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments and damage mitigation efforts,” President Biden said. In recent months, the government has done everything possible to remove Chinese hackers from public and private networks and to close as many vulnerabilities as possible. It has also worked non-stop to raise national cybersecurity, especially of critical infrastructure, to a higher level, and will continue to do so for the foreseeable future.

To back this up, the Department of Justice is indicting four hackers who it says have close ties to the Chinese Ministry of State Security. For years, they allegedly attempted to hack into key agencies and companies, including in the aviation, maritime, military, education and healthcare sectors.

It is not the first time President Biden has spoken harshly about China and Chinese state hackers. According to insiders, the president said in March that he still had a bone to pick with the communist regime. The president is reportedly working on a series of digital retaliations and is said to have set up a special task force to coordinate counter-attacks. The FBI and the Cybersecurity and Infrastructure Security Agency (CISA), among others, are part of this working group.

Ministry blacklists Russian tech companies

The cyberwar between the US and Russia is entering a new phase. The US Department of Commerce has blacklisted four Russian IT companies and two other companies. According to the department, they are engaged in “aggressive and harmful activities”, including digital espionage, in which the Russian government allegedly played a prominent role.

According to US news agency reports, the Treasury Department imposed sanctions on the six Russian companies last April. The department targeted companies in the technology sector with links to the Russian intelligence services. Experts see the sanctions as a measure to punish Russia for hacking into US targets, for its interference in the 2016 US presidential election and for the poisoning of opposition leader Alexei Navalny. Moscow has always denied these allegations.

The Commerce Department is adding to the sanctions announced in April by placing the Russian companies on its Entity List. This means that American companies are not allowed to trade with these parties: they may not sell or license any equipment or parts to them.

It is rare for the US government to blacklist foreign companies. Donald Trump, President Biden’s predecessor, put Huawei, ZTE and some 70 other Chinese tech companies on the Entity List. The trade ban went so far as to bar Google from offering updates to its Android operating system to Huawei, nearly killing the company’s smartphone division. Trump said the Chinese companies were a threat to national security. The Federal Communications Commission (FCC), the US telecom watchdog, has provided “overwhelming evidence” to substantiate this accusation.

The Commerce Department has been working for months to blacklist Russian IT companies. The companies added to the list include a research centre of the Russian Defence Ministry and an IT company that conducts research for the Russian intelligence service. Several of the companies denied the allegations of digital espionage. One of them said it had participated in “the ethical exchange of information with the professional security community” and had never been involved in any form of attack on US infrastructure.

The announcement comes at a striking time. President Biden and his Russian counterpart have had several conversations about cybersecurity, cyberattacks and cybercrime since mid-June. In recent months, the US has been the target of ransomware attacks on more than one occasion, severely damaging American society and the economy: the attacks on petroleum company Colonial Pipeline and meat producer JBS, and the supply-chain attack through IT service provider Kaseya.

“I made it very clear to him [President Putin] that the US expects that when a ransomware operation is carried out from its territory, even if the state does not order it, we expect them to act if we give them enough information to act against who that is,” Biden recently told reporters. He has agreed with Putin that they will sound the alarm the moment one of the countries suspects that a (state) hacker is carrying out an attack on the other.

President Biden has said he is ready to retaliate against Russia if President Putin does not intervene against Russian hackers targeting the US. A senior official confirmed that the reprisals would include both visible and invisible measures.

The disappearance of the Russian ransomware gang REvil is attributed by some to the US. From one day to the next, the group vanished from both the dark web and the regular internet. Its helpdesk was no longer available and its spokesperson, known as Unknown, was banned from the popular hacker forum XSS.

A Kremlin spokesman told Russia’s state news agency TASS last week that the Russian government has nothing to do with REvil’s disappearance. “I can’t answer your question because I don’t have that information,” he told reporters. “I don’t know where the group is, or where they went.”

Researchers bypass Windows Hello with camera and infrared

Security researchers have managed to fool Windows Hello. They bypassed Microsoft’s facial recognition by building their own USB device, which presented itself to the host as a webcam and replayed infrared images of the device owner’s face.

The traditional way of logging in with a username and password is becoming less and less popular every day. Either the method will be supplemented with two-factor authentication, or give way to biometric security. In the latter case, you protect your equipment and data with your own characteristics, such as a fingerprint, iris scan, facial profile or voice. The idea behind this is that you no longer have to remember passwords and that your body characteristics are unique, so they are very difficult or impossible to imitate. There are no two identical fingerprints or facial contours.

Smartphones have had biometric security for years. The fingerprint scanner is perhaps the best-known example of this. And the technology continues to evolve. The optical fingerprint scanner – in which a small sensor under the screen lights up to register the profile of a finger – is increasingly being replaced by an ultrasonic scanner. In the latter variant, ultrasonic sound waves bounce off your finger and this reflection is compared with the stored profile of your fingerprint. Techniques such as facial recognition and iris scanners are also getting better and more and more new biometric security methods are being developed (voice biometrics, palm recognition, blood flow in your veins).

Microsoft has long offered its own form of biometric security: Windows Hello, an authentication system the American hardware and software company ships with Windows. Each member of a family can create their own profile and protect it with, for example, a fingerprint or facial recognition. This way dad knows for sure that sensitive company information is safely locked away while junior can play endlessly. According to Microsoft, 85 per cent of Windows 10 users use Windows Hello.

Windows Hello sounds safe and familiar, but it may be less secure than Microsoft makes it out to be. CyberArk security specialists have been investigating possible vulnerabilities in the authentication system in recent months. They have found a method to bypass Windows Hello facial recognition.

“The vulnerability allows an attacker with physical access to the device to manipulate the authentication process by taking (or imitating) a photo of the target’s face and then plugging in a custom USB device to inject fake images into the authenticating host,” writes security expert Omer Tsarfati.

He says there is no indication that hackers and cybercriminals have managed to circumvent Microsoft’s facial protection in this way. “But a motivated attacker could use it, for example, to attack a researcher, scientist, journalist, activist or privileged user with sensitive intellectual property on their device.”

Windows Hello facial recognition requires a camera that supports both RGB and infrared (IR). During their investigation, the researchers found that only the infrared frames are processed during authentication. To confirm this, they built a USB device around an NXP evaluation board. With it, they sent valid infrared frames of the Windows Hello user together with RGB frames of the cartoon character SpongeBob SquarePants. Windows recognized the USB device as a webcam and accepted the frames, bypassing Windows Hello facial recognition. The attack therefore does not defeat the face matcher itself; it exploits the host’s trust in whatever device enumerates as a camera, since the frames it receives are not authenticated as coming from the genuine sensor.

This vulnerability in Windows Hello was disclosed to Microsoft on March 23. At the end of April, the American hardware and software company acknowledged that it was a security problem that had to be solved and worked with CyberArk’s researchers on a fix. In early July, the issue was assigned CVE-2021-34466. On July 13, Microsoft rolled out a security update that addresses the vulnerability.

‘Hundreds of journalists bugged with Pegasus spyware NSO Group’

At least 189 journalists worldwide may have been spied on with Pegasus, the eavesdropping software of the infamous NSO Group. A consortium of seventeen news organizations claims to have a list of 50,000 telephone numbers from the Israeli spy company. The NSO Group denies all allegations and is even considering a lawsuit for libel.

This was reported by various media, including The Guardian and The Washington Post. Human rights organization Amnesty International and the journalistic non-profit platform Forbidden Stories are also devoting a lot of attention to the case.

The NSO Group has been under fire for quite some time. The company is responsible for developing spy software called Pegasus. It allows governments and other agencies to hack into smartphones, eavesdrop on communications and steal personal information.

The spyware is usually installed through vulnerabilities in popular apps, or by tricking the target into tapping a rogue URL distributed via SMS or WhatsApp. Once installed, the operator has access to text messages, emails, photos, videos, location data, contacts and the calendar, among other things. The operator can also silently listen through the microphone, take screenshots, record telephone conversations and activate the camera.

The NSO Group has always said that it only sells its Pegasus software to governments to track down terrorists and criminals. What they do with it next is beyond the Israeli company’s reach. If the NSO Group notices that its software is being misused, it says it will take action against the violators, such as by disabling the program remotely.

The fact that only governments use the NSO Group’s eavesdropping software is now being questioned again. A partnership of seventeen news organizations has joined forces in The Pegasus Project. Various participants published an article on Sunday evening Dutch time in which they say they have a list of the telephone numbers of 50,000 people who may have been tapped. How they managed to get hold of this list is unknown.

According to The Washington Post, the victims were selected for possible surveillance via Pegasus between early 2016 and June 2021. No names accompany the telephone numbers. The participating news organizations say they have identified the owners of more than a thousand numbers. The people on the list come from fifty countries. It includes the numbers of at least 65 business people, 85 human rights activists and more than 600 politicians, including ministers, diplomats and security officials.

The list also contains the telephone numbers of 189 journalists. They work for CNN, Associated Press (AP), The Wall Street Journal, The New York Times, The Financial Times, Bloomberg and Al Jazeera, among others. Amnesty International’s Security Lab conducted a forensic investigation and determined that at least 67 smartphones were infected with the NSO Group’s spy software. Another 14 devices showed ‘signs of possible hacking attempts’.
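The forensic checks described here, in the first article above and in the Snowden piece rely on matching artefacts pulled from a phone (browser history, links in text messages and the like) against a list of indicators. The Python below is an added example written for this page; it is not Amnesty International’s tooling and contains nothing from the NSO Group. The indicator domains and the backup records are constructed for the example and are not real Pegasus indicators. It shows the one check that is easy to get wrong: a hostname match must respect label boundaries, otherwise an unrelated domain that merely contains an indicator as a substring produces a false positive.

```python
"""Added example: triage of phone backup artefacts against a domain indicator list.

Illustrative code for this article, not Amnesty International's MVT or any NSO
Group code. IOC_DOMAINS and SAMPLE_RECORDS are constructed for the example and
are NOT real Pegasus indicators.
"""
import re
from dataclasses import dataclass
from datetime import datetime, timezone
from urllib.parse import urlparse

# Hypothetical indicator domains (constructed, not real IOCs).
IOC_DOMAINS = {
    "example-cdn-installer.net",
    "fast-update-check.com",
}

# Constructed sample records as (source, unix timestamp, text or URL),
# standing in for rows from a browser-history table and an SMS database.
SAMPLE_RECORDS = [
    ("safari_history", 1626300000, "https://www.bbc.co.uk/news"),
    ("sms", 1626310000, "Your parcel is waiting: https://track.fast-update-check.com/p/8431"),
    ("safari_history", 1626320000, "https://cdn.example-cdn-installer.net/a/b?c=1"),
    ("safari_history", 1626330000, "https://notexample-cdn-installer.net/"),  # substring trap
    ("sms", 1626340000, "Meeting moved to 3pm"),
]

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    source: str
    timestamp: str
    url: str
    matched_domain: str


def extract_hosts(text):
    """Yield (url, hostname) for every URL embedded in a free-text record."""
    for m in URL_RE.finditer(text):
        url = m.group(0).rstrip(".,;)")
        host = urlparse(url).hostname
        if host:
            yield url, host.lower().rstrip(".")


def domain_matches(host, ioc):
    """Exact or subdomain match on label boundaries only.

    'notexample.com' must not match the indicator 'example.com', while
    'a.b.example.com' must.
    """
    return host == ioc or host.endswith("." + ioc)


def match_iocs(records, iocs=IOC_DOMAINS):
    """Return findings for every record whose URL host matches an indicator, oldest first."""
    findings = []
    for source, ts, text in records:
        when = datetime.fromtimestamp(ts, tz=timezone.utc).isoformat()
        for url, host in extract_hosts(text):
            for ioc in iocs:
                if domain_matches(host, ioc):
                    findings.append(Finding(source, when, url, ioc))
    return sorted(findings, key=lambda f: f.timestamp)


if __name__ == "__main__":
    for f in match_iocs(SAMPLE_RECORDS):
        print(f"{f.timestamp} {f.source:15} {f.matched_domain:28} {f.url}")
```

Run against the constructed records this reports the SMS link and the CDN-style history entry and correctly ignores the look-alike `notexample-cdn-installer.net` host. Domain matching on its own is a weak signal: Amnesty’s Security Lab published its methodology and indicators alongside the investigation, and real triage also checks process names, attachment records and other artefacts rather than URLs alone.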

The NSO Group reacted furiously to the news organizations’ story. The Guardian has published an extensive response from the Israeli company. In the press statement, the NSO Group strongly denies the ‘false claims’. In its own words, the report is based on “unconfirmed theories, which raise serious doubts about the reliability of the sources, as well as the basis of the story.”

“NSO does not operate the systems it sells to vetted government customers, and has no access to the data of its customers’ targets. NSO does not exploit its technology, does not collect, own, or access any data from its customers.” Due to contractual and national security considerations, the NSO Group cannot ‘confirm or deny’ customers’ identities.

Speaking to The Verge, an NSO Group spokesperson said there is nothing to the story. “After verifying the allegations, we strongly deny the false allegations in their reporting,” the spokesperson said. He says “these allegations are so outrageous and far from reality” that the company is considering a defamation lawsuit.

The claim that the NSO Group only sells its eavesdropping software to governments has been questioned for some time. Amnesty International filed a lawsuit a year ago when Pegasus was found on the smartphone of a Moroccan journalist. The human rights organization called it an attack on freedom of expression. Amnesty ultimately lost the lawsuit for lack of evidence.

At the end of 2019, WhatsApp sued the NSO Group and parent company Q Cyber ​​Technologies in the US. WhatsApp accused the company of being actively involved in the use of spyware. According to the American messaging service, the Pegasus software would have been used to eavesdrop on the phones of at least 1,400 WhatsApp users.

Four Chinese citizens accused of cyberattacks on companies, universities and government agencies in the United States and other countries

Cyber-attacked industries included aviation, defence, education, government, healthcare, biopharmaceuticals, maritime affairs, and others.

Four Chinese citizens, who are suspected of collaborating with the Ministry of State Security of the PRC, are accused of cyberattacks on companies, universities and government agencies in the United States, Germany, Canada, South Africa, Great Britain, Austria, Switzerland, Saudi Arabia and several other countries from 2011 to 2018, reports the official website of the US Department of Justice.

“Most of the stolen data was associated with information that brought significant economic benefits to Chinese companies and commercial sectors, including information that would bypass the lengthy and time-consuming research and development processes,” the US Department of Justice said in a press release.

The hackers targeted industries such as aviation, defence, education, government, healthcare, biopharmaceuticals and maritime. Research institutes and universities working on infectious diseases such as Ebola, HIV/AIDS, Marburg virus and tularemia were also attacked.

According to the Department of Justice, each of the defendants is charged with conspiracy to commit computer fraud and conspiracy to commit economic espionage, which carry maximum sentences of five and 15 years in prison respectively.

A senior US administration official said on Monday that the US, NATO and the EU are accusing the Chinese authorities of collaborating with hired hackers and promising steps in response to Beijing’s “irresponsible” behaviour.

British authorities blame Chinese groups for attacks on Microsoft Exchange

The Chinese Ministry of State Security is believed to be behind the activities of APT40 and APT31.

The UK government said government-backed Chinese entities are responsible for gaining access to computer networks through Microsoft Exchange servers. The attacks occurred in early 2021 and affected more than a quarter of a million servers worldwide.

“The cyberattack on Microsoft Exchange Server by Chinese government groups was a reckless but familiar pattern. The Chinese government must put an end to this systematic cyber sabotage and can count on being held accountable otherwise,” said UK Foreign Secretary Dominic Raab.

According to the UK authorities, China’s Ministry of State Security is behind the activities of the groups APT40 and APT31. The Chinese government has ignored repeated calls to end its reckless campaign and has instead allowed these groups to scale up their attacks.

The UK calls on China to reaffirm the commitments it made to the UK in 2015 and at the G20 not to conduct or support cyber-enabled theft of intellectual property and trade secrets.

As part of an intergovernmental response, the UK’s National Cyber ​​Security Center (NCSC) has issued specific mitigation guidelines for over 70 affected organizations.

The NCSC believes that the Microsoft Exchange hack was initiated and used by Chinese government hackers from the HAFNIUM group.

APT40 (also known as TEMP.Periscope, TEMP.Jumper and Leviathan) targets the maritime industry and naval defence contractors in the US and Europe. According to the NCSC, APT40 is linked to China’s Ministry of State Security and acts in accordance with key requirements of Chinese state intelligence. APT40 is most likely sponsored by the MSS regional office in Hainan, the Hainan State Security Department (HSSD).

APT31 (also known as Judgment Panda, Zirconium and Red Keres) has targeted government agencies, politicians, contractors and service providers in European countries since 2020. According to the NCSC, APT31 is almost certainly linked to the Chinese state and is probably a group of contractors working directly for China’s Ministry of State Security.

The White House also issued a statement linking the recent attacks on Microsoft Exchange servers to the People’s Republic of China (PRC).
