Email accounts of a number of Washington Post journalists had been compromised in a cyberattack believed to have been carried out by a overseas authorities.
The incident was found on Thursday night and the publication began an investigation. On Sunday, June 15, an inner memo was despatched to workers, informing them of a “possible targeted unauthorized intrusion into their email system.”
According to The Wall Street Journal, the memo was signed by Executive Editor Matt Murray and knowledgeable that Microsoft accounts of a restricted variety of journalists had been affected.
Owned by Amazon founder Jeff Bezos, The Washington Post is without doubt one of the most influential newspaper publications within the United States.
Internal sources informed The Wall Street Journal that the assault focused journalists writing on nationwide safety and financial coverage matters, in addition to some who write about China.
Advanced persistent threats (APTs), or state-sponsored actors, typically goal e-mail techniques like Microsoft Exchange. Two years in the past, Chinese hackers leveraged insecure Exchange endpoints to breach e-mail accounts of two dozen authorities businesses globally, accessing extraordinarily delicate and confidential knowledge.
But Chinese risk teams have a protracted historical past of exploiting Exchange vulnerabilities in extremely organized campaigns. They focused U.S. authorities businesses in 2020, and a number of NATO members in 2021.
Last yr, Microsoft warned that hackers had been exploiting a crucial privilege elevation bug in Exchange as a zero-day to carry out NTLM relay assaults.
ESET cybersecurity firm additionally found in 2021 a number of Chinese risk teams, together with APT27, Bronze Butler, and Calypso, exploiting zero-day vulnerabilities in Microsoft Exchange.
Washington Post has not shared publicly any particulars concerning the assault.
Patching used to imply complicated scripts, lengthy hours, and infinite hearth drills. Not anymore.
In this new information, Tines breaks down how fashionable IT orgs are leveling up with automation. Patch sooner, cut back overhead, and concentrate on strategic work — no complicated scripts required.