FireEye CEO Blames Chinese Hackers for Indiscriminate Cyberattacks on Microsoft Exchange
Information security experts have accused Chinese hackers of massive indiscriminate and automated cyberattacks on Microsoft Exchange servers around the world.
It looks like China has launched a second wave of indiscriminate cyberattacks, unusual for it, that pave the way for ransomware and other malware. According to Kevin Mandia, chief executive of the information security company FireEye, the second wave of cyberattacks, which began on February 26, differs significantly from what Chinese cyber spies were until recently usually engaged in, and indicates that the Chinese have expanded their cyberattacks beyond espionage operations. Whereas during the first wave in January of this year they carefully selected their victims, the second wave consisted of massive indiscriminate attacks.
“I would hate to see a modern state like China with great offensive capabilities (which it usually closely controls) suddenly attack potentially hundreds of thousands of systems,” Mandia told the Associated Press.
According to FireEye, as part of automated attacks, two cybercriminal groups working for the Chinese government indiscriminately installed web shells (backdoors) on an unknown number of systems. Experts fear that a large number of these systems could be infected with secondary malware, including ransomware.
The US government has described the attacks as an “active threat” but has not retaliated against China, at least not publicly. It is unknown whether the authorities believe that Chinese hackers are responsible for the second wave of cyberattacks.
Mandia supports the position of his colleague Dmitri Alperovitch, the former director of the well-known information security company CrowdStrike, who believes that China must urgently be given an ultimatum to immediately remove all web implants and limit additional ones.
The spike in automated cyberattacks on Microsoft Exchange came five days before Microsoft released fixes for vulnerabilities discovered in January by Volexity. According to Volexity, exploitation of the vulnerabilities began on January 3. They were used by Chinese hackers to attack academics, universities, defence contractors, law firms and infectious disease research centres.
A few days before the patches were released, all organizations using Microsoft Exchange were suddenly infected with backdoors associated with a well-known cybercriminal group from China, which, realizing that the vulnerabilities would soon be fixed, rushed to attack everything it could find.
“They felt the end was approaching and just went berserk, firing at everyone around with a machine gun. Perhaps the second wave of infections was not approved at the highest level of the Chinese government,” Mandia suggested.
Let me remind you that we reported that Chinese hackers also took part in attacks on SolarWinds clients, and that Chinese hackers used an NSA exploit years before The Shadow Brokers leak.