Security Experts:

Connect with us

Hi, what are you looking for?



US Moves Closer to Retaliation Over Hacking as Cyber Woes Grow

A senior US official said Friday the Biden administration is close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks.

A senior US official said Friday the Biden administration is close to a decision on retaliation for state-sponsored hacking as fears grew over the fallout from the latest of two major cyberattacks.

The official said the White House was working closely with the private sector to ramp up cyber defenses following the attacks which targeted Microsoft Exchange servers and SolarWinds security software, potentially compromising thousands of government and private computer networks.

US officials had previously hinted at moves against Russia, which has been linked to the massive SolarWinds hack that shook the government and corporate security last year. The latest comments suggested forthcoming actions.

“You can expect further announcements on that in weeks, not months,” the senior official said, in reference to SolarWinds, in a briefing with reporters on the two hacking incidents.

The official, who asked not to be identified, said federal agencies had made progress in patching systems at nine federal agencies affected by the SolarWinds attack.

But an urgent effort is underway to remedy the Microsoft Exchange hack, which opened security holes that are actively being exploited by cybercriminals and others.

To help find solutions, “for the first time we’ve invited private sector companies to participate” in key national security meetings on the attacks, the official said.

The response “is still evolving,” according to the official, who noted: “We really have a short window to get vulnerable servers patched, measured in hours, not days.”

– New ransomware emerges –

The comments came as a new strain of ransomware has emerged which exploits a security flaw in Microsoft Exchange servers, signaling potentially damaging consequences from the high-profile hack.

Microsoft and other security researchers said the new ransomware dubbed “DearCry” was showing up in servers affected by the breach attributed to a Chinese hacker group.

“We have detected and are now blocking a new family of ransomware being used after an initial compromise of unpatched on-premises Exchange Servers,” said a tweet from Microsoft Security Intelligence.

Other researchers including Michael Gillespie, founder of the ID Ransomware service, noted the new strain of malware on Thursday, which could lead to a new wave of attacks that encrypt computer systems and seek to extract payments from operators.

This is the latest sign that the security flaw which became public this month could open the door to a variety of hackers, cybercriminals and cyberespionage operators.

“While patching to prevent compromises will be easy, remediating any systems that have already been compromised will not,” said Brett Callow of the security firm Emsisoft.

“At this point, it’s absolutely critical that governments quickly come up with a strategy to help organizations secure their Exchange servers and remediate any compromises before an already bad situation becomes even worse.”

Earlier this week the FBI and Department of Homeland Security warned that the Exchange server vulnerability may be exploited for nefarious purposes.

A joint statement by the agencies said that “adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.”

The DHS Cybersecurity and Infrastructure Security Agency has been pressing for patches to be applied to networks in both government and the private sector.

The potentially devastating hack is believed to have affected at least 30,000 Microsoft email servers in government and private networks and has prompted calls for a firm response to state-sponsored attacks which could involve “hacking back” or other measures.

RelatedRansomware Operators Start Targeting Microsoft Exchange Vulnerabilities

Related: At Least 10 Threat Actors Targeting Recent Microsoft Exchange Vulnerabilities

Written By

AFP 2023

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


WASHINGTON - Cyberattacks are the most serious threat facing the United States, even more so than terrorism, according to American defense experts. Almost half...

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.