Holiday Bear read US DHS emails. US prepares response to Russia. Exchange Server exploitation continues. Norms for cyberspace.
The AP’s report that the Russian threat group behind the SolarWinds supply chain compromise gained access to email accounts of senior US Homeland Security officials (including those of former acting DHS Secretary Chad Wolf) continues to draw attention. The Washington Post says it’s confirmed that Secretary Wolf’s emails were indeed stolen. Members of both the US Senate and House have asked the Administration for an explanation.
The US Administration is believed to be nearing a decision on a response to the Russian operation. Delay in appointing the National Cyber Director the Solarium Commission recommended and Congress authorized is seen, Politico reports, as hindering the execution of whatever response the Administration decides upon.
Check Point adds its conclusions concerning a trend remarked by SecurityWeek and several others: ransomware attacks are surging against still vulnerable instances of Microsoft Exchange Server, tripling over the past week alone. SecurityWeek’s partial list of the criminal groups who’ve entered via the zero day Hafnium (a Chinese government actor) exposed includes ransomware operators DearCry (also known as DoejoCrypt) and Black Kingdom (also known as Pydomer), with the Lemon Duck cryptojacking botnet joining in for good measure.
Microsoft blogs its approval of the United Nations’ evolution of proposed international norms for conduct in cyberspace. Redmond sees “particularly noteworthy” aspects of the report by the General Assembly’s Open-ended Committee as affirmation of authority of international law in cyberspace and the protection of such essentially noncombatant sectors as healthcare and the information communications technology (ICT) supply chain from nation-state cyberattack.
Gloss