At a glance.
- Developments in the case of China's cyberespionage against government Exchange users.
- Industrial controller vulnerabilities pose a risk to critical infrastructure.
- USB attacks have risen three-fold in the first half of 2023.
- CISA adds two vulnerabilities to its Known Exploited Vulnerabilities Catalog.
- Ghostwriter's continued activity focuses on Poland and Ukraine.
- Hacktivist auxiliaries swap DDoS attacks.
- Lessons learned from cyber warfare in Russia's war.
Developments in the case of China's cyberespionage against government Exchange users.
The Washington Post reports that the US government is still investigating how a Chinese APT carried out attacks against US State and Commerce Department email accounts. Specifically, the government is trying to determine how the threat actor obtained the Microsoft account consumer signing keys used to gain access. Microsoft hasn’t disclosed any vulnerabilities related to the attack. Adam Meyers, senior vice president of intelligence at CrowdStrike, wonders if the attack involved a Microsoft insider, since the hackers would have needed “a more powerful internal key controlled by Microsoft” in order to create consumer signing keys. Jason Kikta, chief information security officer at Automox, stated, “This attack used a stolen key that Microsoft’s design failed to properly validate. The inability to do proper validation for authentication is a habit, not an anomaly.”
The UK’s National Cyber Security Centre (NCSC) is also working with Microsoft to determine the impact of the hacks, according to Reuters.
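The failure Kikta describes, a token accepted because it carries a valid signature from a known key, without checking that the key was ever authorised for the audience being served, is easy to illustrate. The snippet below is an added, constructed example (not Microsoft's code and not based on any disclosed detail of their implementation): it uses HMAC in place of asymmetric keys so it runs with the standard library alone, and tags every signing key with the audiences it may sign for, so a token signed by the "consumer" key is rejected when presented to an "enterprise" relying party even though its signature verifies.

```python
import base64
import hashlib
import hmac
import json
from typing import Optional

# Constructed key material. Each key records the audiences it is allowed to
# sign for; that binding is what the strict verifier enforces.
KEYS = {
    "consumer-key-1": {"secret": b"consumer-secret", "audiences": {"consumer"}},
    "enterprise-key-1": {"secret": b"enterprise-secret", "audiences": {"enterprise"}},
}

def b64u(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_decode(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign(kid: str, claims: dict) -> str:
    """Mint a compact JWT-style token with the named key (constructed issuer)."""
    header = b64u(json.dumps({"alg": "HS256", "kid": kid}).encode())
    payload = b64u(json.dumps(claims).encode())
    mac = hmac.new(KEYS[kid]["secret"], f"{header}.{payload}".encode(), hashlib.sha256).digest()
    return f"{header}.{payload}.{b64u(mac)}"

def verify_weak(token: str) -> Optional[dict]:
    """Accepts any token whose signature checks out under *some* known key.
    This is the flawed pattern: key identity is checked, key scope is not."""
    header_b, payload_b, sig_b = token.split(".")
    kid = json.loads(b64u_decode(header_b))["kid"]
    if kid not in KEYS:
        return None
    expected = hmac.new(KEYS[kid]["secret"], f"{header_b}.{payload_b}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, b64u_decode(sig_b)):
        return None
    return json.loads(b64u_decode(payload_b))

def verify_strict(token: str, expected_aud: str) -> Optional[dict]:
    """Signature must verify AND the signing key must be authorised for the
    audience this relying party serves AND the token's aud claim must match."""
    claims = verify_weak(token)
    if claims is None or claims.get("aud") != expected_aud:
        return None
    kid = json.loads(b64u_decode(token.split(".")[0]))["kid"]
    if expected_aud not in KEYS[kid]["audiences"]:
        return None
    return claims
```

A token minted with the consumer key but carrying `aud: enterprise` passes `verify_weak` and is refused by `verify_strict`; the same check is what a defender would confirm in any relying party that trusts a multi-tenant identity provider's key set.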