This is a snowball rolling down the hill – the latest Dark Reading story discusses the latest thinking:
“Attacks exploiting the flaws were first spotted in January. They initially were limited and targeted, seemingly for espionage: the adversaries primarily targeted specific email accounts. Microsoft attributed the activity to a group it calls Hafnium, believed to operate out of China.
Then during the last weekend of February, researchers noticed a significant uptick in remote code execution. Attackers were writing Web shells to disk and launching operations to dump credentials, add user accounts, steal copies of Active Directory databases, and move laterally to other systems. The surge in activity – curious for an advanced Chinese attack group – pushed up the timeline of patches.”
My Book “Too Late, You’re Hacked! – Defending Your Small Business’ Computers and Networks” is now available for order on my publisher’s site: Publishing Concepts.
I discuss the reasons why China and Russia Are attacking us (most likely for $$’s) but the topic is larger than a small blog post here.
Contact Us to discuss