More than 20,000 US organizations compromised through Microsoft flaw

Microsoft has said a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal data from business users. (AFP / GERARD JULIEN)
Microsoft has said a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal data from business users. (AFP / GERARD JULIEN)
Short Url
Updated 06 March 2021

More than 20,000 US organizations compromised through Microsoft flaw

More than 20,000 US organizations compromised through Microsoft flaw
  • The hacks are continuing despite emergency patches issued by Microsoft on Tuesday
  • Microsoft and the person working with the US response blamed the initial wave of attacks on a Chinese government-backed actor

WASHINGTON: More than 20,000 US organizations have been compromised through a back door installed via recently patched flaws in Microsoft Corp’s email software, a person familiar with the US government’s response said on Friday.
The hacking has already reached more places than all of the tainted code downloaded from SolarWinds Corp, the company at the heart of another massive hacking spree uncovered in December.
The latest hack has left channels for remote access spread among credit unions, town governments and small businesses, according to records from the US investigation.
Tens of thousands of organizations in Asia and Europe are also affected, the records show.
The hacks are continuing despite emergency patches issued by Microsoft on Tuesday.
Microsoft, which had initially said the hacks consisted of “limited and targeted attacks,” declined to comment on the scale of the problem on Friday but said it was working with government agencies and security companies to provide help to customers.
It added, “impacted customers should contact our support teams for additional help and resources.”
One scan of connected devices showed only 10% of those vulnerable had installed the patches by Friday, though the number was rising.
Because installing the patch does not get rid of the back doors, US officials are racing to figure out how to notify all the victims and guide them in their hunt.
All of those affected appear to run Web versions of email client Outlook and host them on their own machines, instead of relying on cloud providers. That may have spared many of the biggest companies and federal government agencies, the records suggest.
The federal Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
Earlier on Friday, White House press secretary Jen Psaki told reporters that the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant,” and “could have far-reaching impacts.”
“We’re concerned that there are a large number of victims,” Psaki said.
Microsoft and the person working with the US response blamed the initial wave of attacks on a Chinese government-backed actor. A Chinese government spokesman said the country was not behind the intrusions.
What started as a controlled attack late last year against a few classic espionage targets grew last month to a widespread campaign. Security officials said that implied that unless China had changed tactics, a second group may have become involved.
More attacks are expected from other hackers as the code used to take control of the mail servers spreads.
The hackers have only used the back doors to re-enter and move around the infected networks in a small percentage of cases, probably less than 1 in 10, the person working with the government said.
“A couple hundred guys are exploiting them as fast as they can,” stealing data and installing other ways to return later, he said.
The initial avenue of attack was discovered by prominent Taiwanese cyber researcher Cheng-Da Tsai, who said he reported the flaw to Microsoft in January. He said in a blog post that he was investigating whether the information leaked.
He did not respond to requests for further comment.


Egypt, Sudan airlines sign MoU to boost ties

Egypt, Sudan airlines sign MoU to boost ties
Updated 4 min 37 sec ago

Egypt, Sudan airlines sign MoU to boost ties

Egypt, Sudan airlines sign MoU to boost ties
  • The partnership aims to transfer Egyptian expertise in the aviation sector to Sudan

CAIRO: Egypt’s national carrier EgyptAir has launched a strategic partnership with Sudan Airways to strengthen aviation ties between the two countries.

Egyptian Civil Aviation Minister Mohamed Manar and Khaled Al-Sheikh, deputy Sudanese ambassador to Egypt, attended the memorandum of understanding (MoU) signing ceremony.

Amr Abu El-Enein, EgyptAir chairman and CEO, and Sudan Airways Director General Yasir Timo signed the MoU.

The Egyptian minister highlighted the importance of the strategic partnership between the airlines and their role in enhancing trade exchange between the two countries. He said the MoU is part of Cairo’s strategy to strengthen bilateral ties in a range of fields, including aviation.The partnership aims to transfer Egyptian expertise in the aviation sector to Sudan.

Manar said the MoU includes training of employees with the Sudanese flag carrier, and helping the country modernize its aircraft fleet by managing network planning, developing maintenance operations, and providing advisory services in quality control and technical approvals. Under the agreement, Egyptian experts will train Sudanese officials in aviation security, ground services and other technical aspects.

The MoU also seeks to increase air traffic between the two countries, leading to increased economic opportunities for both.

A joint working group will have regular meetings to follow up on projects and contracts.

Timo also expressed his happiness at signing the MoU with EgyptAir, due to its expertise, human cadres and technical capabilities.


Musk’s SpaceX wins $2.9bn moon lander contract

Musk’s SpaceX wins $2.9bn moon lander contract
Updated 16 min 48 sec ago

Musk’s SpaceX wins $2.9bn moon lander contract

Musk’s SpaceX wins $2.9bn moon lander contract
  • NASA says the spacecraft will carry two American astronauts in 2024

WASHINGTON: NASA awarded billionaire entrepreneur Elon Musk’s space company SpaceX a $2.9 billion contract to build a spacecraft to bring astronauts to the moon as early as 2024, the agency said on Friday, picking it over Jeff Bezos’ Blue Origin and defense contractor Dynetics Inc.

Bezos and Musk — the world’s first and third richest people respectively, according to Forbes — were competing to lead humankind’s return to the moon for the first time since 1972.

Musk’s SpaceX bid alone while Amazon.com founder Bezos’ Blue Origin partnered with Lockheed Martin Corp., Northrop Grumman Corp. and Draper. Dynetics is a unit of Leidos Holdings Inc.

“NASA Rules!!” Musk wrote on Twitter after the announcement.

The US space agency awarded the contract for the first commercial human lander, part of its Artemis program. NASA said the lander will carry two American astronauts to the lunar surface.

“We should accomplish the next landing as soon as possible,” Steve Jurczyk, NASA’s acting administrator, said.

“If they hit their milestones, we have a shot at 2024,” Jurczyk added.

NASA said SpaceX’s Starship includes a spacious cabin and two airlocks for astronaut moon walks and that its architecture is intended to evolve to a fully reusable launch and landing system designed for travel to the Moon, Mars and other destinations in space.

SpaceX also responded on Twitter, writing: “We are humbled to help @NASAArtemis usher in a new era of human space exploration.”

SpaceX will be required to make a test flight of the lander to the moon before humans make the journey, NASA official Lisa Watson-Morgan told reporters.

NASA had been expected to winnow the lunar lander contest to two companies by the end of April, but instead it picked only SpaceX, a move that deepens their cooperation. On Thursday, NASA said it would send its crew to the International Space Station aboard a SpaceX rocket on April 22.

The agency aims to create regular service to the moon and said it will have a separate competition for that contract.

NASA said in a news release that SpaceX’s HLS Starship, designed to land on the moon, “leans on the company’s tested Raptor engines and flight heritage of the Falcon and Dragon vehicles.”


Brazil needs $10bn a year in aid for carbon neutrality by 2050

Brazil needs $10bn a year in aid for carbon neutrality by 2050
Updated 24 min 59 sec ago

Brazil needs $10bn a year in aid for carbon neutrality by 2050

Brazil needs $10bn a year in aid for carbon neutrality by 2050
  • Deforestation in Brazil’s portion of the Amazon rainforest has skyrocketed under Bolsonaro

BRASILIA: Brazil’s Environment Minister Ricardo Salles told Reuters on Friday that Brazil would need to receive $10 billion annually in foreign aid in order to reach economy-wide net zero carbon emissions by 2050, instead of 2060 as currently planned.

Salles has regularly called for the international community to pick up part of the check for reducing Brazil’s carbon emissions, which predominantly come from deforestation.

His call for $10 billion a year in aid comes as Brazil negotiates a separate potential deal with the US to rally foreign funds to fight soaring deforestation in the Amazon rainforest.

Salles said he does not expect a deal to be announced at next week’s US Earth Day summit, but that talks with the US would continue.

“There is not and was never the objective of negotiating some kind of deal to deliver on April 22,” Salles said in an interview.

Reuters reported on Thursday that a potential deal had reached an impasse, with Brazil demanding funding up front to increase efforts to fight deforestation while the US demanded results before opening its purse strings.

“We understand their logic, but they need some understanding that Brazil already has a lot of results,” Salles said.

He cited the fact that most of Brazil’s forest is preserved, which means emissions from the carbon they contain has been avoided.

Deforestation in Brazil’s portion of the Amazon rainforest has skyrocketed under Bolsonaro, hitting a 12-year high in 2020 with an area 14 times the size of New York City being destroyed, government data show.

Salles said just $1 billion per year out of the $10 billion would enable Brazil to reach zero illegal deforestation ahead of the existing 2030 target.

About one-third of that money would go toward contracting more environmental agents, probably drawing from the ranks of the national military police, Salles said.

The other two-thirds would be used to invest in sustainable development of the Amazon region, he said.

Vice President Hamilton Mourao, who Bolsonaro has put in charge of Amazon policy, said on Friday that reaching the 2030 target would require a 15-20 percent reduction in Amazon deforestation every year until then.

Mourao said the government is studying extending a military deployment to protect the Amazon if destruction does not come down that much by July.

The expensive military deployment is set to finish at the end of this month, having failed to restore deforestation and fires to levels prior to Bolsonaro taking office.


WEEKLY ENERGY RECAP: Economic indicators robust as global oil stocks continue to fall

WEEKLY ENERGY RECAP: Economic indicators robust as global oil stocks continue to fall
Updated 8 min 43 sec ago

WEEKLY ENERGY RECAP: Economic indicators robust as global oil stocks continue to fall

WEEKLY ENERGY RECAP: Economic indicators robust as global oil stocks continue to fall
  • The IEA forecast dramatic changes in global oil markets in the latter half of this year

Oil prices made the first weekly gain after three consecutive weeks of decline, despite the rising number of COVID-19 cases and additional travel restrictions.

The Organization of the Petroleum Exporting Countries (OPEC) and the International Energy Agency (IEA) have both improved their oil demand outlook after huge draws in oil inventories in member states of the Organization for Economic Co-operation and Development (OECD), backed by a recovering global economy that is greatly supported by unprecedented monetary and fiscal stimuli.

On the week closing, oil prices rose to a one-month-high: Brent crude rose to $66.77 per barrel, and West Texas Intermediate rose to $63.13 per barrel. Trading above $60 per barrel for both benchmarks, and with Brent crude prices at an average of nearly $61 in 2021 so far, represents a huge recovery one year on from “Black April,” when the pandemic caused the largest oil demand shock in history.

Both the IEA and OPEC monthly oil reports came with huge drops in commercial oil inventories in OECD countries for the seventh consecutive month in February. They reported a massive drop in global oil inventories that built up during last year’s COVID-19 demand shock for the data gathered for February. This entailed a further drop in global oil inventories in the coming months.

The IEA reported that OECD industry inventories fell by 55.8 million barrels in February to 28.3 million above the 2016-2020 average. OPEC reported that OECD commercial inventories fell by 44.9 million barrels in February to 30.8 million above the latest five-year average, and 42 million above the 2015-2019 average.

The economic indicators are more robust as global oil stocks continue to fall. Therefore, both OPEC and the IEA hiked the world oil demand forecast as economic recovery gains pace.

The IEA forecast dramatic changes in global oil markets in the latter half of this year, as nearly 2 million barrels per day (bpd) of extra supply may be required to meet expected demand growth, even after factoring in the announced ramp-up of OPEC+ production as the summer high-demand driving season is rapidly approaching.

The IEA’s global oil demand in 2021 is forecast to reach 96.7 million bpd, up 5.7 million bpd from 2020 despite weaker-than-expected data for the first quarter.

OPEC’s global oil demand growth in 2021 is expected to increase by about 6 million bpd, representing an upward revision of only 100,000 bpd from last month’s report. Though this is a tiny revision, it marks an upward change from previous months of lower demand forecasts because of continued lockdowns.

However, OPEC’s cautious approach remained intact when considering the fragile and uncertain oil demand recovery that would require vigilant monitoring of market developments, which include the possibility of rising sovereign debt in most economies, and a potential further rise in inflation that may tighten monetary policies.

The latest figures from the Commodity Futures Trading Commission on April 13 showed that long positions on crude oil futures on the New York Mercantile Exchange numbered 645,593 contracts, down 9,735 from the previous week (1,000 barrels for each contract). It is the fifth consecutive weekly drop in positions.

• Faisal Faeq is an energy and oil marketing adviser. He was formerly with OPEC and Saudi Aramco. Twitter: @faisalfaeq


Egypt’s Sovereign Fund denies Tahrir Complex will be sold to investors

Egypt’s Sovereign Fund denies Tahrir Complex will be sold to investors
Updated 17 April 2021

Egypt’s Sovereign Fund denies Tahrir Complex will be sold to investors

Egypt’s Sovereign Fund denies Tahrir Complex will be sold to investors
  • The fund said it fully owned the complex and that it was offering it for development
  • It said the development process would be based on methods that took into account the building’s historical value

CAIRO: The Sovereign Fund of Egypt has denied reports that it intends to sell the Tahrir Complex (Mogamma El-Tahrir) to investors.
It said the complex was fully owned by the fund and that offering it for development, by teaming up with investors and partners, was about turning the complex into a multi-purpose building comprising a hotel, commercial, administrative and cultural elements.
It also said the development process would be based on methods that took into account the building’s historical value. This process was in line with a plan to make the most of state assets and invest in them to achieve broader opportunities, it added.
It launched the first operational steps to develop the complex by completing a prospectus and presenting it to foreign and local investors and developers.
The partnership model will be based on the fund contributing to the technical studies and surveying work, while the partner or real estate developer will contribute to the financing and other components.
The qualification process will be based on developing the building as a multi-use project.