Lawmakers criticised Microsoft for failing to prevent these cyberattacks, which exposed federal networks to significant risk. They highlighted a report by the Cyber Safety Review Board (CSRB) that condemned Microsoft for lack of transparency regarding the China hack, labelling it preventable. Smith acknowledged the report’s findings and stated that Microsoft acted on most of its recommendations. He emphasised the growing threat posed by nations like China, Russia, North Korea, and Iran, which are increasingly sophisticated and aggressive in their cyberattacks.
During the hearing, Smith defended Microsoft’s role, saying that the US State Department’s discovery of the hack demonstrated the collaborative nature of cybersecurity. However, Congressman Bennie Thompson expressed dissatisfaction, stressing that Microsoft is responsible for detecting such breaches. Given its substantial investments there, panel members also inquired about Microsoft’s operations in China. Smith noted that the company earns around 1.5% of its revenue from China and is working to reduce its engineering presence in the country.
Despite facing significant criticism over the past year, some panel members, including Republican Congresswoman Marjorie Taylor Greene, commended Smith for accepting responsibility. In response to the CSRB’s findings, Microsoft has pledged to prioritise security above all else, launching a new cybersecurity initiative in November to bolster its defences and ensure greater transparency moving forward.
The Dutch military intelligence and security service (MIVD) has raised alarms over a global Chinese cyber-espionage campaign, that successfully targeted ‘a significant number of victims’, including Western governments, international organisations and the defense industry. The Netherlands’ National Cyber Security Centre (NCSC) provided the details of this operation in the warning sharing how state-sponsored hackers exploited a vulnerability in FortiGate devices for ‘at least two months before Fortinet announced the vulnerability.’
This vulnerability, identified as CVE-2022-42475, was leveraged during a ‘zero-day period’ to compromise around 14,000 devices in Netherlands. In particular, the warning says that the had successfully breached the internal computer network of the Dutch Ministry of Defence. After gaining access, the hackers deployed a remote access trojan (RAT) named COATHANGER to perform reconnaissance and exfiltrate user account information from the Active Directory server. It, however, remains unclear how many of these systems were infected with the COATHANGER malware. The MIVD warned that identifying and removing these infections is particularly challenging.
“The NCSC and the Dutch intelligence services therefore state that it is likely that the state actor still has access to systems of a significant number of victims,” the report cautioned, emphasizing the ongoing threat posed by this extensive cyber-espionage campaign.
A ransomware attack on Synnovis, a pathology services provider, has severely disrupted major hospitals in London, including King’s College Hospital, Guy’s and St Thomas’, and the Royal Brompton. This incident has led to the cancellation and redirection of numerous medical procedures. The hospitals have declared a ‘critical incident’ due to the significant impact on services, notably affecting blood transfusions. Synnovis’ CEO, Mark Dollar, expressed deep regret for the inconvenience caused and assured efforts to minimise the disruption while maintaining communication with local NHS services.
Patients in various London boroughs, including Bexley, Greenwich, and Southwark, have been affected. Oliver Dowson, a 70-year-old patient at Royal Brompton, experienced a cancelled surgery and expressed frustration over repeated delays. NHS England’s London region acknowledged the significant impact on services and emphasised the importance of attending emergency care and appointments unless instructed otherwise. They are working with the National Cyber Security Centre to investigate the attack and keep the public informed.
Synnovis, a collaboration between SYNLAB UK & Ireland and several NHS trusts, prides itself on advanced pathology services but has fallen victim to this attack despite stringent cybersecurity measures. Deryck Mitchelson from Check Point highlighted the healthcare sector’s vulnerability to such attacks, given its vast repository of sensitive data. Recent cyber incidents in the UK, including a similar attack on NHS Dumfries and Galloway, underscore the persistent threat to healthcare services. Government agencies actively mitigate the current situation and support affected NHS organisations.
A report released by the US Cyber Safety Review Board on Tuesday blamed Microsoft for a targeted Chinese hack on top government officials’ emails, deeming it ‘preventable’ due to cybersecurity lapses and lack of transparency. The breach, orchestrated by the Storm-0558 hacking group affiliated with China, originated from the compromise of a Microsoft engineer’s corporate account. Microsoft highlighted ongoing efforts to bolster security infrastructure and processes, pledging to review the report for further recommendations.
Despite acknowledging the inevitability of cyberattacks from well-resourced adversaries, Microsoft emphasised its commitment to enhancing system defences and implementing robust security measures. The company highlighted ongoing efforts to fortify systems against cyber threats and enhance detection capabilities to fend off adversarial attacks. The incident underscores the persistent challenges posed by cyber threats and the imperative for technology companies to prioritise cybersecurity measures to safeguard sensitive data and operations against evolving threats.
Overall, the agency will work to ‘provide expert advice, research, and development to support countering terrorism, countering state threats, and protecting the public’. Goals include protecting UK’s critical infrastructure, as well as the country’s economy and its science and technological advantage.
NoName057(16), a hacktivist group described as pro-Russian, is reportedly targeting websites of candidates in the 2023 Czech presidential elections. According to SentinelLabs, the action is part of a distributed-denial-of-service (DDoS) attacks campaign that the group has been conducting against government organisations and critical infrastructures in Ukraine and NATO member states since the start of the war in Ukraine. Some of the most recent targets are said to include Denmark’s financial sector and organisations and businesses in Poland and Lithuania.
The organisation allegedly carried out these attacks utilising open Telegram channels, a DDoS payment program run by volunteers, a multi-OS supported toolkit, and GitHub.
The Biden administration is reportedly pushing for a US national cybersecurity strategy that calls for more cybersecurity regulations, including in relation to the US critical infrastructure. The strategy, expected to be signed in the coming weeks, would require that regulations are developed by consulting industry actors as a means to ensure that the rules advance security without being unworkable or unduly burdensome. As Mark Montgomery, a senior fellow at the Foundation for Defense of Democracies argues, ‘the strategy reflects the hard lessons we’ve learned from SolarWinds to Colonial Pipeline — that our supply chain and our critical infrastructures are under duress,’ and the key part will be translating all of this into action.
Iran’s Infrastructure Communications Company announced on 6 January 2023 that it had prevented a cyberattack on the country’s central bank. Amir Mohammadzadeh Lajevardi, head of the company, was quoted by local media as saying that the bank was targeted by a distributed denial of service (DDoS) attack. In October, Anonymous and other global hacking groups threatened to launch cyberattacks against Iranian institutions and officials in support of anti-government protests and to thwart internet censorship in Iran.
