US, UK authorities say Russian hackers exploited Microsoft vulnerabilities
American and British authorities said Friday that Russian state-sponsored hackers exploited major vulnerabilities in Microsoft’s Exchange Server, which were previously used by at least one Chinese state-sponsored hacking group to compromise potentially thousands of organizations. Meanwhile, lawmakers on both sides of the aisle are pushing hard for more cyber funding in the annual appropriations bills, and Google child care workers are pushing for a transportation stipend from the company.
Russian state-sponsored hackers were among those to exploit recently uncovered vulnerabilities in Microsoft’s Exchange Server email application, which potentially compromised thousands of organizations, a coalition of American and British federal agencies warned Friday.
The finding was part of a joint advisory released Friday by the FBI, the National Security Agency, the Cybersecurity and Infrastructure Security Agency and the United Kingdom’s National Cyber Security Centre that detailed cybersecurity tactics and techniques Russia’s Foreign Intelligence Service, or SVR, uses to hack global organizations.
The agencies warned that the SVR had been “observed making use of numerous vulnerabilities, most recently the widely reported Microsoft Exchange vulnerability,” and that the Russian hackers deploy webshells on servers they are able to breach and use them for “further exploits.”
The agencies also stressed in the advisory, written by British authorities, that the SVR is “a technologically sophisticated and highly capable cyber actor” that had “developed capabilities to target organisations globally, including in the UK, US, Europe, NATO member states and Russia’s neighbours.”
Microsoft in March announced it had uncovered previously unknown vulnerabilities in its Exchange Server program, and that at least one Chinese state-sponsored hacking group had been exploiting the vulnerabilities to access thousands of organizations around the world for at least two months prior to discovery.
The incident came on the heels of the SolarWinds hack, first discovered late last year, which involved Russian hackers compromising software from the IT group to breach nine federal agencies and at least 100 private sector groups.