News

FireEye CEO Blames Chinese Hackers for Indiscriminate Cyberattacks on Microsoft Exchange

Information security experts have accused Chinese hackers of massive indiscriminate and automated cyberattacks on Microsoft Exchange servers around the world.

It looks like China has launched a second wave of untypical for it indiscriminate cyberattacks that pave the way for ransomware and other malware.

According to Kevin Mandia, executive director of information security company FireEye, the second wave of cyberattacks that began on February 26 is significantly different from what until recently Chinese cyber spies were usually engaged in, and indicates that the Chinese have expanded their cyberattacks beyond espionage operations. If during the first wave in January of this year they carefully selected their victims, in the second wave took place massive indiscriminate attacks.

“I would hate to see a modern state like China with great offensive capabilities (which it usually closely controls) suddenly attack potentially hundreds of thousands of systems”, — Mandia told the Associated Press.

According to FireEye, as part of automated attacks, two cybercriminal groups working for the Chinese government indiscriminately installed web shells (backdoors) on an unknown number of systems. Experts fear that a large number of these systems could be infected with secondary malware, including ransomware.

The US government has described the attacks as an “active threat” but had no retaliation against China, at least not publicly. It is unknown, if the authorities believe that Chinese hackers are responsible for the second wave of cyberattacks.

Mandia supports the position of his colleague Dmitry Alperovich, the former director of the well-known information security company CrowdStrike, who believes that China urgently needs to deliver an ultimatum to immediately curtail all web-implants and limit additional ones.

The spike in automated cyberattacks on Microsoft Exchange came five days before Microsoft released fixes for vulnerabilities discovered in January by Volexity. According to it, exploitation of vulnerabilities began on January 3. They were used by Chinese hackers to attack academics, universities, defence contractors, law firms and infectious disease research centres.

A few days before the patches were released, all organizations using Microsoft Exchange were suddenly infected with backdoors associated with a well-known cybercriminal group from China, which, realizing that vulnerabilities soon will be fixed, rushed to attack everything it could find.

“They felt the end was approaching and just went berserk, firing at everyone around with a machine gun. Perhaps the second wave of infections was not approved at the highest level of the Chinese government”, — Mandia suggested.

Let me remind you that we reported that Chinese hackers also took part in attacks on SolarWinds clients, and that Chinese hackers used NSA exploit years before The Shadow Brokers leak.

User Review
0 (0 votes)
Comments Rating 0 (0 reviews)
Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.

Recent Posts

Remove Pbmsoultions pop-up ads (Virus Removal Guide)

Pbmsoultions.com is a domain that tries to trick you into clik to its browser notifications…

12 hours ago

Remove Prizestash pop-up ads (Virus Removal Guide)

Prizestash.com is a site that tries to trick you into subscribing to its browser notifications…

12 hours ago

Remove Verifiedbreaking pop-up ads (Virus Removal Guide)

Verifiedbreaking.com is a domain that tries to force you into subscribing to its browser notifications…

12 hours ago

Remove Themoneyminutes pop-up ads (Virus Removal Guide)

Themoneyminutes.com is a domain that tries to force you into subscribing to its browser notifications…

13 hours ago

Remove News-xcidizi pop-up ads (Virus Removal Guide)

News-xcidizi.com is a domain that tries to trick you into clik to its browser notifications…

16 hours ago

Remove Everytraffic-flow pop-up ads (Virus Removal Guide)

Everytraffic-flow.com is a domain that tries to trick you into subscribing to its browser notifications…

16 hours ago