At least 10 hacking groups using Microsoft software flaw — researchers

FireEye CEO Kevin Mandia gives a tour of the cybersecurity company's office in Reston, Virginia, on March 9, 2021. FireEye has confirmed seeing “multiple likely-China groups” using the Microsoft flaws in different waves. (AP Photo/Nathan Ellgren)
FireEye CEO Kevin Mandia gives a tour of the cybersecurity company's office in Reston, Virginia, on March 9, 2021. FireEye has confirmed seeing “multiple likely-China groups” using the Microsoft flaws in different waves. (AP Photo/Nathan Ellgren)
Short Url
Updated 11 March 2021

At least 10 hacking groups using Microsoft software flaw — researchers

At least 10 hacking groups using Microsoft software flaw — researchers
  • The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage
  • Microsoft has blamed the hack on China. The Chinese government denies any role

WASHINGTON: At least 10 different hacking groups are using recently discovered flaws in Microsoft Corp’s mail server software to break in to targets around the world, cybersecurity company ESET said in a blog post on Wednesday.
The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange software.
The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers or move elsewhere in the network. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being made public daily.
Earlier on Wednesday, for example, Norway’s parliament announced data had been “extracted” in a breach linked to the Microsoft flaws. Germany’s cybersecurity watchdog agency also said on Wednesday two federal authorities had been affected by the hack, although it declined to identify them.
While Microsoft has issued fixes, the sluggish pace of many customers’ updates — which experts attribute in part to the complexity of Exchange’s architecture — means the field remains at least partially open to hackers of all stripes. The patches do not remove any back door access that has already been left on the machines.
In addition, some of the back doors left on compromised machines have passwords that are easily guessed, so that newcomers can take them over.
Microsoft declined comment on the pace of customers’ updates. In previous announcements pertaining to the flaws, the company has emphasized the importance of “patching all affected systems immediately.”
Although the hacking has appeared to be focused on cyber espionage, experts are concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.
ESET’s blog post said there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking in to previously vulnerable Exchange servers to spread its malicious software.
ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break in to targeted networks — several of which other researchers have tied to China. Microsoft has blamed the hack on China. The Chinese government denies any role.
Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.
Ben Read, a director with cybersecurity company FireEye Inc. , said he could not confirm the exact details in the ESET post but said his company had also seen “multiple likely-China groups” using the Microsoft flaws in different waves.
ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyber espionage groups to have access to the same information before it is made public.
He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.
Taiwan-based researchers reported to Microsoft on Jan. 5 that they had found two new flaws which need patching. Those two were among those that began being used by the attackers shortly before or after the friendly report.
They said were investigating whether there had been a theft or leak on their side, since exploitation was discovered in the wild the same week later. So far, the group called Devcore said, they had found no evidence.
Top-flight hackers are also commonly targeted by other hackers. Just this week, Microsoft patched one of the flaws used by suspected North Koreans in attempts to steal information from Western researchers.
But simultaneous discovery happens fairly often, in part because researchers use the same or similar tools to hunt for serious flaws, and many eyes are looking at the same high-value targets.
“It is very likely that some actor groups may have being using these vulnerabilities and led to the result of the attacks being observed by other information security vendors,” Devcore member Bowen Hsu told Reuters.
But the security industry has been abuzz with other theories, including a hack of Microsoft’s systems for tracking bugs, which has happened in the past.

 

 


127 missing after vessel sinks in India cyclone: navy

127 missing after vessel sinks in India cyclone: navy
Updated 29 min 53 sec ago

127 missing after vessel sinks in India cyclone: navy

127 missing after vessel sinks in India cyclone: navy
  • The vessel was carrying 273 people when it started drifting on Monday

MUMBAI: Some 127 people were missing Tuesday after a vessel adrift off Mumbai’s coast sank during Cyclone Tauktae, the Indian navy said as two ships and helicopters were deployed to assist in the search.
The vessel was carrying 273 people when it started drifting on Monday as strong winds battered India’s western coast, sending huge waves crashing onto its shores and turning roads into rivers.


Hong Kong temporarily suspends operations at representative office in Taiwan

Hong Kong temporarily suspends operations at representative office in Taiwan
Updated 47 min 40 sec ago

Hong Kong temporarily suspends operations at representative office in Taiwan

Hong Kong temporarily suspends operations at representative office in Taiwan
  • Tensions between the Beijing-backed Hong Kong government and Taiwan have risen since pro-democracy protests erupted in Hong Kong in 2019

HONG KONG: Hong Kong’s representative office in Taiwan has temporarily suspended operations, a Hong Kong government spokesperson said on Tuesday, adding only that the decision was not related to the rise in coronavirus cases there.
Tensions between the Beijing-backed Hong Kong government and Taiwan have risen since pro-democracy protests erupted in Hong Kong in 2019 and China imposed a sweeping national security law last year to quell the unrest, prompting many activists to leave the city.
Taipei has criticized the law and opened a local office to help people who may want to leave Hong Kong.
Last year, Taiwanese officials in Hong Kong were told their visas would not be renewed unless they signed a document supporting Beijing’s claim to Taiwan under its “one China” policy, a person with direct knowledge of the matter told Reuters.
Hong Kong’s Constitutional and Mainland Affairs Bureau announced the decision to suspend the Hong Kong Economic, Trade and Cultural Office in Taiwan without providing an explanation. It said requests for assistance would be handled through hotlines and via the Hong Kong government website.
“The suspension is not related to the pandemic situation in Taiwan. We do not have anything further to add,” a Hong Kong government spokesperson said.
Taiwan’s Mainland Affairs Council said it was working on a response on the matter.


Afghan Taliban ready for talks — on one condition

Afghan Taliban ready for talks — on one condition
Updated 18 May 2021

Afghan Taliban ready for talks — on one condition

Afghan Taliban ready for talks — on one condition
  • Group insists final negotiations to end Afghanistan war are held in Doha

KABUL: Afghan Taliban delegates were on Monday reportedly ready to take part in US-sponsored talks with the Kabul government in the Turkish city of Istanbul.

A Taliban spokesman confirmed the negotiators’ position, making a U-turn on the group’s recent decision to boycott the long-awaited discussions.

Zabihullah Mujahid told Arab News: “The talks should not pave the ground for interference from any side.

“This matter is under deliberation ... we, without doubt, say that the Istanbul meeting should be conducted in conformity with the wishes of the Afghan people and should have no imposition aspect.”

However, he said that the final negotiations should be held in Doha, Qatar where both sides resumed stalled discussions on the peace process several days ago.

“This is an opportunity for peace, and we will participate in it on the basis of our conditions ... continuation of the talks in Doha is a good point for ending the war,” he added.

The development follows the group’s decision to snub the Turkey talks after American President Joe Biden said he would be extending the US-led foreign troops’ presence in Afghanistan until Sept. 11.

Initially, all troops were to have left the country by May 1 based on a key condition for a landmark accord signed between the Taliban and US delegates in Doha more than a year ago.

Mujahid did not elaborate on the conditions for the talks to resume and said that the Taliban leadership was “pondering over them.”

He pointed out that the two conditions demanded by the group for participation in future discussions included the “release of the remaining 7,000 Taliban inmates held by Kabul and delisting of their leaders from the UN blacklist.”

Mujahid added that the Taliban had discussed the conditions with Washington which had “pledged to facilitate” the group on both issues, although no date had yet been set for the talks. Fatima Morchal, a spokesperson for Afghan President Ashraf Ghani, welcomed the news.

HIGHLIGHT

A Taliban spokesman confirmed the negotiators’ position, making a U-turn on the group’s recent decision to boycott the long-awaited discussions.

“It is a good thing; we have always said we will participate. The agenda and timing of the meeting have yet to be finalized, and we will attend it,” she told Arab News.

The Istanbul talks were rescheduled for April 24, before the Taliban announced that they would not participate in any meetings on Afghan peace until all foreign forces withdrew from Afghanistan.

Under Biden’s announcement, US-led troops will leave Afghanistan by Sept. 11, ending the most protracted conflict in America’s history, which began nearly 20 years ago with the Taliban’s ousting in 2001.

The group has accused Washington of breaching the deal by delaying the troops’ exit, resulting in an escalation of violence across Afghanistan – with hundreds of lives lost, including civilians – which both the Taliban and the Kabul government have blamed each other for.

Fighting resumed on Monday in a number of major Afghan provinces at the end of a three-day ceasefire announced by the Taliban during the Eid-Al-Fitr holiday.

Two weeks ago, US special envoy for Afghanistan, Zalmay Khalilzad, the architect of the Doha deal with the Taliban, warned that Washington would abandon its push to form an interim government to replace Ghani if the Taliban insisted on boycotting the Istanbul talks.

The Istanbul meeting, under the auspices of the UN, seeks to draw a roadmap to end more than four decades of conflict in Afghanistan, ahead of the complete withdrawal of foreign troops from the country.

Wahidullah Ghazikhail, a Kabul-based political analyst, told Arab News that recently Washington had “secretly shown flexibility to the Taliban” on the date of departure for the remaining troops and could “complete the pullout process either in June or July.”

The Taliban, in return, had to “express leniency for attending the Istanbul meeting,” he said.

“The Taliban would have been blamed by ordinary Afghans for refusing to participate in the Istanbul talks. They now have a condition, want to begin the initial talks in Istanbul, but that the serious decisions and last decisive decisions be taken in Doha,” Ghazikhail added.

Torek Farhadi, an adviser for former Afghan President Hamid Karzai, told Arab News: “The Taliban are making sure they have a diplomatic presence in the (Istanbul) talks because the process of delisting them from the UN sanctions list requires to continue talks and for freeing their 7,000 prisoners.”

He said that Kabul also wanted to attend the Istanbul meeting to “give people hope that peace talks are continuing,” but added that in reality “the positions are so far apart that peace talks might continue for years. Both sides are preparing for more war. But it is clear that both sides have actors in the peace theaters as well … the sad part is civilians will suffer.”


Indonesia halts use of AstraZeneca vaccine batch for toxicity tests

Indonesia halts use of AstraZeneca vaccine batch for toxicity tests
Updated 18 May 2021

Indonesia halts use of AstraZeneca vaccine batch for toxicity tests

Indonesia halts use of AstraZeneca vaccine batch for toxicity tests
  • Precautionary measure follows the death of a 22-year-old man one day after receiving jab

JAKARTA: Indonesia has temporarily suspended the use and distribution of an Oxford-AstraZeneca coronavirus disease (COVID-19) vaccine batch pending sterility and toxicity tests by the Drug and Food Monitoring Agency (BPOM), the Health Ministry said on Sunday.

The ministry announced the move following advice from the National Commission on Post-Immunization Accidents to carry out the tests.

It follows the death of a 22-year-old man in East Jakarta, who suffered from a high fever and eventually died after receiving his first jab earlier this month.

Siti Nadia Tarmizi, a Health Ministry spokesperson for the national COVID-19 vaccination program, said that the suspension of the batch would not deter the use of other AstraZeneca batches in the jabs program, which began four months ago.

“We continue to use the AstraZeneca vaccine because it provides a much greater benefit. The suspension is the government’s precautionary measure to ensure the safety of the vaccine,” Tarmizi said, adding that the test results are expected to be released no later than two weeks.

The commission recommended the drug monitoring agency conduct the tests. Its chairman, Hindra Irawan Satari, said that the commission “did not have enough data to determine” whether the man’s death was related to the vaccine from the suspended batch, which he received a day before his demise.

The batch consisted of 448,480 doses and is part of the 3,852,000 doses Indonesia received from the World Health Organization’s COVAX facility’s vaccine distribution scheme on April 26.

The ministry said that the vaccine batch in question had been distributed in the capital city, Jakarta, among the military, and in the North Sulawesi province.

Tonang Dwi Ardyanto, an epidemiologist of the clinical pathologist association PDS PatKlin said while the suspension was necessary, it would slow down the national vaccination progress.

“We hope the test results will come out soon so that the matter is clear,” he told Arab News on Monday.

“We are well aware that there is no vaccine or medicine that is 100 percent safe, but we just have to look for the ones with the least possible risks,” he added.

Indonesia received 6.4 million doses of the AstraZeneca vaccine, which were distributed to seven provinces, with Bali and East Java getting a majority of the share.

The Oxford jab is a small fraction compared to more than 68 million doses of China’s Sinovac vaccine used in the government’s vaccination program.

A study conducted by the Health Ministry from January to March on health workers who received the Sinovac vaccine showed that it is “almost 100 percent effective in protecting them from infections, hospitalization, and death.”

Pandji Dhewantara, the ministry’s lead researcher, said last week that two shots of the Sinovac vaccine “provided 98 percent protection against death” in the 128,290 health workers who were monitored for the study.

Dhewantara added that the vaccine was 94 percent effective in protecting health workers from being infected with COVID-19 and 96 percent effective in preventing them from being hospitalized.

“We can conclude from this study that vaccination is important to reduce the risks of someone being infected by COVID-19,” he added.

A private vaccination scheme, coordinated by the Indonesian Chamber of Commerce, through which private entities can pay to inoculate their employees and families, will be using China’s Sinopharm and CanSino vaccines, with Russia’s Sputnik expected to be added.

The scheme is expected to commence on Tuesday, with almost 18,000 private entities registered to inoculate about 8.6 million people from labor-intensive manufacturing companies to micro-enterprises with as few as three employees.

Indonesia aims to inoculate 181.5 million people out of its 270 million population, which it expects to complete by the end of the year. But four months into the program, only 8.8 million people have received the second dose of their vaccines, just five percent of the targeted population.


Save the Children decries rising death toll from Israeli strikes

Palestinan children eat as families took shelter at a United Nations (UN) school in Rafah in the southern Gaza Strip on May 17, 2021. (AFP)
Palestinan children eat as families took shelter at a United Nations (UN) school in Rafah in the southern Gaza Strip on May 17, 2021. (AFP)
Updated 17 May 2021

Save the Children decries rising death toll from Israeli strikes

Palestinan children eat as families took shelter at a United Nations (UN) school in Rafah in the southern Gaza Strip on May 17, 2021. (AFP)
  • Charity: On average, 3 Palestinian children have been wounded every hour since fighting broke out
  • ‘Dropping bombs where you know you’ll cause high levels of civilian casualties is a war crime,’ Palestine Solidarity Campaign tells Arab News

LONDON: The number of children killed in Israeli strikes on Gaza has reached 58, Save the Children said on Sunday night, adding that on average three have been wounded every hour since fighting broke out.

The charity called for an immediate ceasefire, and warned that for survivors, the “physical and mental wounds will last a lifetime.”

More than 1,000 people, including 366 children, have been injured. This amounts to roughly three children hurt every hour in Gaza since airstrikes began, Save the Children said. Two children in Israel have also died.

“My family and I have had to evict our home in the last few days because of the endless bombardments,” Mazen Naim, a Gaza-based communications officer at Save the Children, told Arab News.

“Everyone around me is breaking down. The children have been crying for days on end and are in a state of constant terror,” he added.

“There’s nowhere safe, and thousands of families have been displaced. How can we even begin to recover from this kind of loss?”

Ben Jamal, director of the UK-based Palestine Solidarity Campaign, told Arab News: “There’s no excuse for dropping bombs on areas where you know you’ll cause high levels of civilian casualties. This is a war crime.”

He said: “Israel also knows the fact that 50 percent of Gaza’s population are children means bombing will cause high levels of child deaths. That knowing this, it continues its bombing is abhorrent.”

He added: “It violates international law and is unethical and inhumane in every way, shape and form. We call on all governments to stop arming Israel’s massacres by immediately ceasing all arms sales.”

Save the Children warned that Gaza’s roughly 2 million residents are experiencing a “triple shock” of catastrophe: “Bombardments are continuing, and health facilities and civilian infrastructure could soon be left without the power needed to deliver crucial supplies and emergency treatment. In addition, critically ill and injured children are unable to leave Gaza for treatment.”

The latest damage to infrastructure, Save the Children said, has left 480,000 people — roughly a quarter of Gaza’s inhabitants — with limited or no access to clean and safe drinking water.

To alleviate the humanitarian crisis, it called for an end to Israel’s 14-year blockade that prevents goods and people from moving freely in and out of the small, densely populated territory.

“The government of Israel and all parties must allow aid workers to reach children with life-saving support, as well as the unimpeded entry of essential supplies and fuel,” Save the Children said.

“It is critical to seek a just solution that addresses the underlying causes of this violence, that upholds equal rights for both Palestinian and Israeli children, and that will end the decades-long occupation as the only sustainable resolution to the conflict. This will ensure that all children in the region can live in peace.”