23 July 2021 | Asia Cyber Summary

In the spotlight this week:

  • China says Microsoft hacking accusations fabricated by US and allies

  • Saudi Aramco facing $50M cyber extortion over leaked data

  • Macron among 14 heads of states on potential spyware list

  • Law firm for Ford, Boeing, Exxon, Marriott, Walgreens, and more hacked in ransomware attack

  • Japanese government official says Olympic ticket data leaked

  • 16-year-old bug in printer software gives hackers admin rights

China says Microsoft Hacking Accusations Fabricated By US And Allies

The UK, EU, New Zealand, Australia and others joined the US to accuse Chinese state-sponsored hackers of breaching Microsoft Exchange - a popular email platform used by companies worldwide.

China says it opposes all forms of cyber-crime, and has called the claims "fabricated". China's foreign ministry spokesman said the US had got its allies to make "unreasonable criticisms" against China.

Microsoft's Exchange system powers the email of huge corporations, small businesses and public bodies. The hack affected at least 30,000 organisations around the world.

Microsoft blamed a Chinese cyber-espionage group for targeting a weakness in Microsoft Exchange, which allowed hackers to get into email inboxes. It said the group, known as Hafnium, was state-sponsored and based in China. Western security sources believe Hafnium knew Microsoft had planned to deal with the weakness, and so shared it with other China-based hackers.

Saudi Aramco Facing $50M Cyber Extortion Over Leaked Data

Saudi Arabia’s state oil giant acknowledged Wednesday that leaked data from the company — files now apparently being used in a cyber-extortion attempt involving a $50 million ransom demand — likely came from one of its contractors. The oil firm did not say which contractor found itself affected nor whether that contractor had been hacked or if the information leaked out another way. “We confirm that the release of data was not due to a breach of our systems, has no impact on our operations and the company continues to maintain a robust cybersecurity posture,” Aramco said.

A page accessed by the AP on the darknet — a part of the internet hosted within an encrypted network and accessible only through specialized anonymity-providing tools — claimed the extortionist held 1 terabyte worth of Aramco data. A terabyte is 1,000 gigabytes.

Macron Among 14 Heads Of States On Potential Spyware List

French President Emmanuel Macron leads a list of 14 current or former heads of state who may have been targeted for hacking by clients of the notorious Israeli spyware firm NSO Group, Amnesty International said Tuesday.

“The unprecedented revelation ... should send a chill down the spine of world leaders,” Amnesty’s secretary general, Agnes Callamard, said in a statement. Among the potential targets found on a list of 50,000 phone numbers leaked to Amnesty and the Paris-based journalism nonprofit Forbidden Stories are Presidents Cyril Ramaphosa of South Africa and Barham Salih of Iraq, King Mohammed VI of Morocco and three current prime ministers: Imran Khan of Pakistan, Mustafa Madbouly of Egypt and Saad Eddine El Othmani of Morocco, The Washington Post reported.

Law Firm For Ford, Boeing, Exxon, Marriott, Walgreens, And More Hacked In Ransomware Attack

Campbell Conroy & O'Neil, P.C., a law firm handling hundreds of cases for the world's leading companies, has announced a large data breach that resulted from a ransomware attack in February.

In a statement released on Friday, the law firm said it noticed unusual activity on its network on February 27. The firm later realized it was being hit with a ransomware attack and contacted the FBI as well as cybersecurity companies for help.

Their investigation revealed that the hackers behind the attack gained access to a database with names, dates of birth, driver's license numbers/state identification numbers, financial account information, Social Security numbers, passport numbers, payment card information, medical information, health insurance information, biometric data, and/or online account credentials.

The law firm is offering those affected 24 months of free credit monitoring, fraud consultation, and identity theft restoration services.

Japanese Government Official Says Olympic Ticket Data Leaked

In a statement to ZDNet, a spokesperson from the Tokyo 2020 International Communications Team said that the initial statement from a Japanese government official was incorrect.

"We are aware of the incident and, after checking the facts, we can confirm that this was not a leak from Tokyo 2020's system," the spokesperson said.

"While we have been liaising with the government and other relevant organizations on a regular basis, we have already taken measures in the form of password resets to limit any damage for the very limited number of IDs detected in this case based on the information supplied by the government."

A government official previously told Kyodo News that login IDs and passwords for the Tokyo Olympic ticket portal had been posted to a leak website following a breach.

16-Year-Old Bug In Printer Software Gives Hackers Admin Rights

A 16-year-old security vulnerability found in a printer driver shipped with HP, Xerox, and Samsung printers allows attackers to gain admin rights on systems using the vulnerable driver software.

The security flaw, tracked as CVE-2021-3438, is a buffer overflow in the SSPORT.SYS driver for specific printer models that could lead to a local escalation of user privileges.

As the researchers discovered, the buggy driver automatically gets installed with the printer software and will be loaded by Windows after each system reboot. This makes it the perfect target for attackers who need an easy way to escalate privileges, since the bug can be abused even when the printer is not connected to the targeted device.

"This high severity vulnerability, which has been present in HP, Samsung, and Xerox printer software since 2005, affects hundreds of millions of devices and millions of users worldwide," according to a SentinelOne report published today and shared with BleepingComputer in advance.
