
US sanctions, Microsoft Exchange vulnerabilities, and other cybersecurity developments
Here are the week’s most important cybersecurity stories.
- The United States announced a new round of sanctions against Russia and related entities. The measures target IT companies, including Positive Technologies, as well as cryptocurrency addresses alleged to be linked to Russia’s “troll factory”.
- Experts continued patching Microsoft Exchange vulnerabilities. The FBI gained remote access to computers to remediate the breach.
- The media learned who hacked the San Bernardino terrorist’s iPhone when Apple refused to assist.
Hackers turn to hidden Monero mining via Microsoft Exchange vulnerabilities
Threat actors are using compromised Microsoft Exchange servers to perform covert Monero mining, Sophos researchers have found.
Analysts note that funds began flowing into the attackers’ wallet on March 9—after news of the Microsoft Exchange vulnerabilities emerged.
At one point the attackers “lost” several servers and the volume of cryptocurrency mined declined, but later recovered, Sophos added.
Identified: who helped the FBI unlock the San Bernardino terrorist’s iPhone
In 2015 the FBI seized the iPhone of the San Bernardino attacker. When the agency could not bypass Apple’s protections to access the device, the FBI turned to the company itself.
However, Apple refused to assist, after which the FBI sought a court order to compel cooperation. Apple said the FBI was seeking a backdoor that could be used to access other users’ phones.
The court case was later halted after it emerged that authorities had found another way to access the device. As The Washington Post reported, a little-known Australian company, Azimuth Security, helped extract data from the terrorist’s iPhone. Motherboard later corroborated this.
Motherboard confirmed Azimuth’s involvement in unlocking the iPhone at the center of the San Bernardino terrorist attack investigation with a source with knowledge of the company’s operations. https://t.co/vvEHfxJdDO
— Motherboard (@motherboard) April 14, 2021
The firm specializes in vulnerability research across software. The iOS bug was discovered in Mozilla’s open-source code that Apple used to connect accessories to the iPhone’s Lightning port. Using it, Azimuth Security helped unlock the device.
The Biden administration formally accuses Russia of SolarWinds attacks and imposes new sanctions
American authorities announced a new package of sanctions against Russia. The measures target Russian IT companies as well as a number of cryptocurrency addresses linked to entities believed to have helped Russian intelligence agencies meddle in U.S. elections and spread disinformation.
Part of the sanctions was a response to the SolarWinds cyber intrusions carried out via compromised software. The White House said the operation was conducted by Russia’s Foreign Intelligence Service and tied it to the hacker group APT 29 (also known as Cozy Bear or The Dukes).
Rumors that Russia stood behind the SolarWinds attack have circulated in U.S. government circles and the media since early reports. Read more about the breach at the link below:
FBI gained access to hundreds of computers to remove SolarWinds-related remnants from Exchange
The U.S. Department of Justice announced a court-authorized FBI operation to remove malicious files from hundreds of computers in the United States running Microsoft Exchange, where vulnerabilities had been found.
The removed web shells could have been used by hackers to maintain persistent unauthorized access to U.S. networks, the DOJ noted.
The operation did not patch the Microsoft Exchange vulnerabilities themselves, nor did it remove any other malware or tools that the attackers might have installed.
This week Microsoft itself released patches for Exchange Server addressing the newly disclosed vulnerabilities.
The NSA reported the vulns responsibly: https://t.co/kqxjRnayn2
— Kevin Beaumont (@GossiTheDog) April 13, 2021
The White House urged U.S. agencies to install the update immediately and encouraged all other users to do the same.
Chrome reveals several vulnerabilities
Google released updates to Chrome for Windows, Mac and Linux to fix the reported vulnerabilities. A zero-day vulnerability was later found in Chrome as well.
another chrome 0day https://t.co/QJy24ARKlU
Just here to drop a chrome 0day. Yes you read that right.
— frust (@frust93717815) April 14, 2021
Report: there are more than 1,900 hacker groups active worldwide
FireEye reports that it is currently tracking more than 1,900 active hacker groups worldwide.
The wait is over! 👏
Get your very own copy of #MTrends today and dig into the data and insights from the past year’s investigations: https://t.co/JGWsUWmVWC pic.twitter.com/zEm5xp8MUJ
— FireEye (@FireEye) April 13, 2021
The groups are broadly categorised into three types — financially motivated hackers, APT groups including state-backed actors from China, Iran and Vietnam, and those that remain hard to classify.
Putin approves Russia’s international information security policy framework
President Vladimir Putin signed a decree laying out the fundamentals of the country’s policy on international information security. Among the chief threats listed are the use of information and communication technologies to undermine sovereignty, fraud, cyberattacks and crime.
Also on ForkLog:
- Roskomnadzor demanded that Twitter, Facebook and Google confirm data localization in Russia.
- Users of Celsius Network were targeted by phishing campaigns.
- User data from free.navalny was exposed.
- Pirated office software contains malware for data and cryptocurrency theft.
What to read this weekend?
For ForkLog, Crystal Blockchain has detailed the Harvest Finance hack, the largest DeFi incident of late 2020.
Read ForkLog’s bitcoin news on our Telegram — cryptocurrency news, prices and analysis.
ForkLog newsletters: keep your finger on the pulse of the bitcoin industry!