Exchange Server exploitation spreads. US CYBERCOM says SolarWinds exploitation thwarted. FIN8 is back. TA800’s new access tool.

Microsoft Exchange Server vulnerabilities have been exploited against Norway’s parliament. BleepingComputer reports that the Storting yesterday disclosed that it had lost some data, but that the investigation was incomplete and the full extent of the damage was still unknown. The Storting thinks this attack is unconnected to the incursion by Fancy Bear, Russia’s GRU, that was discovered in December.

Many threat actors, both intelligence services and criminal gangs, have rushed to exploit these Exchange Server vulnerabilities. The FBI and CISA yesterday issued a joint advisory on the Microsoft Exchange Server compromise. It includes a summary of the methods the threat actors are using against their targets as well as a set of actions victims can take to mitigate the damage. The advisory remains coy about attribution (“nation-state actors and cyber criminals are likely among those exploiting these vulnerabilities”).

Reuters’ Chris Bing tweets that CISA expects to release, “soon,” more evidence attributing the SolarWinds compromise to Russia. In the meantime US Cyber Command has offered some reassurance about the dot mil domain. The Record reports that Cyber Command’s Executive…
