Geeks for your information News Privacy & Security News v
‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
‘DeadRinger’ Targeted Exchange Servers Long Before Discovery
silversurfer Offline
Staff Member
******
Posts: 3,885
Threads: 3,283
Thanks Received: 5,065 in 3,838 posts
Thanks Given: 6,205
Joined: 12 September 18
#1
Information  04 August 21, 13:18
Quote:Threat actors linked to China exploited the notorious Microsoft Exchange ProxyLogon vulnerabilities long before they were publicly disclosed, in attacks against telecommunications companies aimed at stealing sensitive customer data and maintaining network persistence, researchers have found.
 
Researchers from Cybereason have been tracking multiple cyberespionage campaigns – collectively dubbed “DeadRinger” – since 2017, reporting initially on findings that a Chinese threat group dubbed SoftCell was targeting billing servers to steal call records from telecoms in Africa, the Middle East, Europe and Asia in 2019.
 
report released Tuesday builds upon this research, identifying two new threat groups – Naikon APT and Group-3390 – that also appear to be working for China’s regime to compromise billing servers to steal telco call records as well as maintain persistent access to their networks through other core components, according to the report.
 
The report also discloses that SoftCell targeted a set of Microsoft Exchange vulnerabilities collectively known as ProxyLogon “long before they became publicly known,” researchers wrote. These vulnerabilities spurred a frenzy of attacks earlier this year before Microsoft mitigations and patches began to take effect.
 
Indeed, threat actors used similar tactics to those exposed recently in the Hafnium zero-day attacks – which were recently blamed on China and condemned by the White House – that exploited ProxyLogon vulnerabilities in Microsoft Exchange Servers to gain access to the targeted networks, according to the report.
 
Overall, the attacks show an aggressive assault by China on the security of critical infrastructure that – similarly to the SolarWinds and Kaseya attacks – compromise third-party service providers to ultimately attack their customers while undermining those trust relationships and causing other collateral damage, Cybereason CEO and co-founder Lior Div said.
 
“These state-sponsored espionage operations not only negatively impact the telecoms’ customers and business partners, they also have the potential to threaten the national security of countries in the region and those who have a vested interest in the region’s stability,” he said in a press statement.

Read more: ‘DeadRinger’ Targeted Exchange Servers Long Before Discovery | Threatpost
[-] The following 1 user says Thank You to silversurfer for this post:
  • harlan4096
Find
Reply


Forum Jump:


Users browsing this thread: 2 Guest(s)
[-]
Welcome
You have to register before you can post on our site.

Username/Email:


Password:

[-]
Recent Posts
QOwnNotes 19.1.6
24.12.4 The wel...Kool — 12:56
INTEL Arc Graphics 32.0.101.6325/6253 dr...
Highlights Fix...harlan4096 — 11:06
GFYI [Official] Revo Uninstaller Pro v5...
"Share feedback...damien76 — 09:01
GFYI [Official] SpyShelter PRO v15 Chri...
Merry Christmas and ...damien76 — 08:56
GFYI [Official] IObit Christmas 2024 Bl...
Merry Christmas and ...damien76 — 08:54

[-]
Birthdays
Today's Birthdays
No birthdays today.
Upcoming Birthdays
No upcoming birthdays.

[-]
Online Staff
There are no staff members currently online.

>