The U.S. Blames China for MS Exchange Attacks and Names 4 Members of APT 40
Last updated September 21, 2021
As reported by TechCrunch, Microsoft has sent notices to about 10000 of its enterprise customers, warning them that they are being targeted by state-sponsored hackers. Not all of them were compromised, either because Microsoft warned them of the attacks or thanks to the protection systems that the clients already had in place. Out of the 10000 recipients of the notices, 8400 are businesses and corporations, and only 1600 are personal accounts. This focus indicates that the motive behind the attacks was the gathering of intelligence, so the states that sponsored these attacks were the “classic” US opposition like Iran, Russia, and North Korea.
Microsoft has documented the activities of groups that come from these countries, tracking them and taking over the infrastructure of some of them when that was achievable. Russian hackers such as the APT 28 group (Fancy Bear) managed to cause problems during the 2016 presidential election, while the Iran-based APT 33 (Holmium) and APT 35 (Phosphorus) have both succeeded in stealing valuable corporate information thanks to their sophisticated attacks and even long-term campaigns. The biggest trouble from North Korea was the “Thallium” group, which also launched several attacks against critical enterprises.
Microsoft warns that attacks specifically targeting organizations engaged in sensitive areas are a direct threat to democracy. For this reason, it has expanded its “AccountGuard” threat notification service for key political entities and non-governmental organizations, now covering 26 countries. Already, it has sent 781 notifications to these democracy-focused organizations, with 95% of them again being based in the United States. This indicates that the menace is far greater for US entities right now than it is for organizations anywhere else in the world.
Along with the presentation of this data, Microsoft announced its “ElectionGuard” tool, which is part of its “Defending Democracy Program”. This free and open-source kit is meant to be incorporated into voting systems in the USA and around the world, featuring end-to-end verification, secure validation by third-party organizations, and confirmation for individual voters that their vote was counted. The whole system is auditable, so problems relating to public confidence are taken out of the picture as well. The ElectionGuard SDK has been made available on GitHub, and Microsoft hopes that it will be fully ready and deployable for the upcoming 2020 elections in the US.