Ongoing Cyber Attack: Russian Hackers Successfully Steal Microsoft Source Code

Dhruv Mehrotra Andrew Couts

For years, Registered Agents Inc., a secretive company whose business is setting up other businesses, has registered thousands of companies to people who appear not to exist. Multiple former employees tell WIRED that the company routinely incorporates businesses on behalf of its customers using what they describe as fake personas. An investigation found that incorporation paperwork for thousands of companies listing these allegedly fake personas had links to Registered Agents.

State attorneys general from around the US sent a letter to Meta on Wednesday demanding the company take “immediate action” amid a record-breaking spike in complaints over hacked Facebook and Instagram accounts. Figures provided by the office of New York attorney general Letitia James, who spearheaded the effort, show that her office received more than 780 such complaints in 2023, 10 times as many as in 2019. Many of the complainants cited in the letter say Meta did nothing to help them recover their stolen accounts. “We refuse to operate as the customer service representatives of your company,” the officials wrote. “Proper investment in response and mitigation is mandatory.”

Meanwhile, Meta suffered a major outage this week that took most of its platforms offline. When service came back, users were often forced to log back in to their accounts. That is worth keeping in mind alongside a change the company made last year to how two-factor authentication works on Facebook and Instagram: any device you have used frequently with Meta services in recent years is now trusted by default, which means that device may no longer be asked for a second factor at login. The change has made experts uneasy, since a trusted device that is lost, shared, or compromised becomes a login path that bypasses 2FA. We updated our guide on how to turn this setting off and review which devices your account currently trusts.

A ransomware attack on health care technology firm Change Healthcare has caused nationwide disruptions at US pharmacies, delaying the delivery of prescribed medications. A Bitcoin address associated with AlphV, the group believed to be behind the attack, recently received a deposit of $22 million in cryptocurrency. The transaction suggests that Change Healthcare may have paid the ransom, although a company spokesperson declined to confirm it.

And there’s more. Each week we round up the security news we didn’t cover in depth ourselves. Click the headlines to read the full stories, and stay vigilant out there.

In January, Microsoft disclosed a breach by the notorious Russian state-backed hacking group known as Nobelium, which had reportedly accessed the email accounts of members of Microsoft’s senior leadership team. The company now says the attack is still ongoing. In a blog post, Microsoft reports that the hackers have been using information taken from those compromised mailboxes to gain access to the company’s source code repositories and other “internal systems.”

It remains unclear which “internal systems” were compromised by Nobelium, or Midnight Blizzard, as Microsoft calls the group, but the company insists the threat is not over. According to Microsoft, the attackers are using “secrets” of various kinds to push deeper into its systems. Some of those secrets were found in the compromised email, in messages exchanged between Microsoft and its customers. The practical implication for anyone on the receiving end is that any credential, API key, or connection string that ever passed through an affected mailbox should be treated as exposed and rotated. Microsoft says it has been contacting affected customers to help them take mitigating steps.
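The pivot Microsoft describes, credentials shared with customers over email and later reused by the intruder, is something defenders can hunt for in their own mailbox exports. The following is an added example and is not Microsoft’s tooling or anything from the original report: a small Python scanner that runs a handful of credential patterns plus a Shannon-entropy check over constructed sample messages. The rule set, the 3.5-bits-per-symbol entropy threshold, and the four sample messages are illustrative assumptions; the `AKIA` and `ghp_` token shapes are the publicly documented AWS access key ID and GitHub classic personal access token prefixes, and the AWS values used are Amazon’s own documentation placeholders rather than live keys.

```python
from __future__ import annotations

import math
import re
from dataclasses import dataclass

# Constructed sample messages standing in for an exported mail thread (not real data).
SAMPLE_MESSAGES = [
    {"id": "msg-001", "body": "Hi team, the staging deploy is done. Let me know if the dashboards look right."},
    {"id": "msg-002", "body": "As discussed, here is the temporary key for the ingest bucket: "
                             "AKIAIOSFODNN7EXAMPLE / wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"},
    {"id": "msg-003", "body": "Connection string for the test DB: Server=db01;User Id=svc_reports;Password=Summer2023!;"},
    {"id": "msg-004", "body": "The CI runner needs this token until Friday: ghp_ABCDEFGHIJKLMNOPQRSTUVWXYZabcdef1234"},
]

# Illustrative rule subset (assumption: a real scanner carries hundreds of such patterns).
SPECIFIC_RULES = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    # Captures the value after "password=" or "password:" up to a separator.
    "password_assignment": re.compile(r"(?i)\bpassword\s*[=:]\s*([^;\s]+)"),
}
# Fallback: long base64-ish runs that no specific rule claimed; judged by entropy.
CANDIDATE_TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{32,}")
ENTROPY_THRESHOLD = 3.5  # bits per symbol; assumption chosen to flag random-looking strings


@dataclass(frozen=True)
class Finding:
    message_id: str
    rule: str
    value: str


def shannon_entropy(s: str) -> float:
    """Bits per symbol of the string's character distribution (0.0 for empty or single-symbol input)."""
    if not s:
        return 0.0
    counts: dict[str, int] = {}
    for ch in s:
        counts[ch] = counts.get(ch, 0) + 1
    n = len(s)
    return -sum(c / n * math.log2(c / n) for c in counts.values())


def scan_message(message_id: str, body: str) -> list[Finding]:
    """Run the specific rules first, then the entropy fallback on spans no rule already covered."""
    findings: list[Finding] = []
    covered: list[tuple[int, int]] = []
    for rule, pattern in SPECIFIC_RULES.items():
        for m in pattern.finditer(body):
            value = m.group(1) if m.groups() else m.group(0)
            findings.append(Finding(message_id, rule, value))
            covered.append(m.span())
    for m in CANDIDATE_TOKEN.finditer(body):
        start, end = m.span()
        if any(start < c_end and c_start < end for c_start, c_end in covered):
            continue  # already reported under a more precise rule
        if shannon_entropy(m.group(0)) >= ENTROPY_THRESHOLD:
            findings.append(Finding(message_id, "high_entropy_token", m.group(0)))
    return findings


def scan_messages(messages: list[dict]) -> list[Finding]:
    out: list[Finding] = []
    for msg in messages:
        out.extend(scan_message(msg["id"], msg["body"]))
    return out


if __name__ == "__main__":
    for f in scan_messages(SAMPLE_MESSAGES):
        # Print the rule and only a prefix of the value so the scan log itself does not leak the secret.
        print(f"{f.message_id}: {f.rule} -> {f.value[:6]}...")
```

Every hit is a rotation candidate, not just a report line: the point of the exercise is that a credential seen in mail is already compromised from the moment the mailbox is. Specific rules take precedence over the entropy check because high-entropy runs also match hashes and base64 attachments, so the fallback is tuned to catch unknown token formats rather than to be precise.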

Nobelium is the group behind the SolarWinds attack, a sophisticated 2020 supply-chain compromise that affected thousands of organizations, including major US government agencies such as the Departments of Homeland Security, Defense, Justice, and Treasury.

According to Microsoft, it has found no evidence that its customer-facing systems were breached.

Additional reporting: Paresh Dave, Joel Khalili, Aarian Marshall, Andy Greenberg

On Wednesday, the US Department of Justice announced that it was charging a former Google engineer with stealing trade secrets about artificial intelligence on behalf of two Chinese companies. Linwei Ding was arrested in Newark, California, on four counts of federal trade secret theft. If convicted, he could face up to a decade in prison.

“Today’s charges are the latest illustration of the lengths affiliates of companies based in the People’s Republic of China are willing to go to steal American innovation,” FBI director Christopher Wray said in a statement to the Associated Press.

The indictment, unsealed Wednesday, alleges that the theft began two years ago, when Ding, a Chinese national, started uploading hundreds of company files about Google’s data centers to a personal Google Cloud account. Soon after, and unbeknownst to Google, Ding allegedly founded his own startup specializing in training large AI models while also joining a separate Chinese AI company as its CTO. He resigned from Google in December, according to the indictment.

The US Cybersecurity and Infrastructure Security Agency confirmed this week that hackers breached the agency’s systems in February, Recorded Future reports. CISA, which works to protect US critical infrastructure from cyberattacks and other threats, says it took two of its systems offline after the breach, which was carried out through vulnerabilities in Ivanti products, the Connect Secure VPN and Policy Secure network access control appliances. CISA declined to say which systems it took offline, but Recorded Future reports that, according to unnamed sources, one “houses critical information about the interdependency of US infrastructure,” while the other “houses private sector chemical security plans.” It is unclear who the hackers are or whether they accessed or stole data from CISA systems. The agency released an advisory on February 29 warning organizations that use Ivanti Connect Secure and Ivanti Policy Secure to patch the vulnerabilities in those products.

As if getting a phone call through a social network weren’t bad enough, X’s newly released audio and video calling feature can reveal your IP address to anyone you call, and the feature is turned on by default. An IP address can reveal a user’s internet provider and general location, though not a precise one. Still, civil liberties organizations warn that exposing IP addresses is highly concerning for activists living under authoritarian regimes and other high-risk users. To disable X’s calling feature, go to Settings and privacy > Privacy and safety > Direct messages in the X app and toggle Enable audio and video calling off. If you want to keep the feature on without exposing your IP address, toggle on Enhanced call privacy, which X says will mask your IP address by routing the call through its servers. Why that protection is not on by default remains unclear.
