In case you missed it, the U.S. government has taken several actions of late aimed at stopping foreign cybercriminals and nation state actors from attacking the networks of government entities and private organizations, including charging four Chinese nationals with stealing intellectual property, attributing the Microsoft Exchange Server attacks to China and launching anti-ransomware initiatives.
If the government keeps this up, then IT teams can hope to get some reprieve from the constant barrage of costly cyberattacks we have seen over the last year and a half.
On Monday, an indictment out of a federal court in San Diego, Calif. was unsealed, charging four Chinese nationals with hacking into the networks of private companies, universities and government entities in the U.S. between 2011 and 2018.
The defendants are alleged to be part of Advanced Persistent Threat (APT) 40, and they are charged with hacking into the networks of organizations to steal sensitive information and trade secrets from the defense industry, higher education, biotech and the government.
According to the U.S. Department of Justice, the group used spear phishing, spoofing, social engineering and sophisticated malware to obtain and maintain access to victim networks. They also used anonymizer services such as The Onion Router (Tor) to access malware on victim networks and to manage their hacking infrastructure.
Read CISA’s alert on this group for information about indicators of compromise.
Also on Monday, the U.S. and its allies publicly attributed the Microsoft Exchange Server hacking campaign to China.
The statement also attributes ransomware operations against private companies to hacking groups affiliated with the Chinese government, including some that demanded millions of dollars in ransom.
“The PRC’s unwillingness to address criminal activity by contract hackers harms governments, businesses, and critical infrastructure operators through billions of dollars in lost intellectual property, proprietary information, ransom payments, and mitigation efforts,” the statement said.
According to the statement, hackers working for the People’s Republic of China Ministry of State Security (MSS) conducted the Exchange Server attacks that compromised tens of thousands of computers and networks.
The vulnerability exploited by the MSS hackers was then used by some ransomware operators before companies had the chance to patch.
The Biden administration last week also launched new initiatives designed to stem the tide of ransomware and help companies recover from attacks. These include public/private partnerships with cybersecurity companies and cyber insurance providers, efforts to encourage information sharing, and offensive actions against hacking gangs.
This also comes after Biden’s executive order on cybersecurity from May.
It remains to be seen how these actions will impact cyberattacks against U.S. organizations, but IT professionals should at least be encouraged that this topic has the attention of world leaders.