ReportWire

  • Apparent cyberattack forces Florida hospital system to divert some emergency patients to other facilities | CNN Politics

    CNN —

    An apparent cyberattack has forced a network of Florida health care organizations to send some emergency patients to other facilities and to cancel some non-emergency surgeries, the health care network said Friday.

    Tallahassee Memorial HealthCare, which operates a 772-bed hospital and multiple specialty care centers, said an “IT security issue” late Thursday night forced it to take down its computer system.

    “We are also diverting EMS [emergency medical services] patients and will only be accepting Level 1 traumas from our immediate service area,” the hospital system said in a statement. Level 1 trauma refers to the most acute injuries and illnesses.

    Tallahassee Memorial HealthCare spokesperson Tori Lynn Schneider told CNN “some” emergency patients were being diverted to facilities outside of the organization’s network, but declined to say how many patients. All non-emergency and elective procedures scheduled for Monday were canceled because of the hacking incident, Schneider said.

    It’s the latest in a series of cyberattacks that have continued to hit resource-strapped US health care providers in the nearly three years of the Covid-19 pandemic. In another case, hackers accessed the personal data of nearly 270,000 patients in an attempted ransomware attack on a Louisiana health care system in October.

    The FBI last month shut down the computer infrastructure used by a notorious ransomware gang to attack multiple US hospitals, according to the bureau. But the threat remains as multiple ransomware groups are known to target the health sector.

    It’s unclear who was responsible for the apparent hack of Tallahassee Memorial. Tallahassee Memorial did not specify whether it had suffered a ransomware attack, but the organization’s statement described activity, including the need to shut down computer networks, consistent with a ransomware attack.

    Staff have been unable to access digital patient records and lab results because of the shutdown, a hospital source told CNN.

    Mark O’Bryant, Tallahassee Memorial’s CEO, notified staff in person Friday morning that the system had suffered a “cyberattack,” according to the source.

    “To help us contain the issue, please completely turn off all PCs connected to TMH’s network immediately and leave them off until notified otherwise,” Tallahassee Memorial leadership said in a memo sent to employees Friday morning and obtained by CNN.

    Max Henderson, a Tallahassee native and cybersecurity specialist who focuses on health care, said the effects of shutting down a hospital’s computer network can last for weeks or months.

    “Immediate, unplanned shutdowns can lead to a loss of recently gathered data regarding diagnosis, clinical notes, shift handovers and other various setbacks for the medical staff,” Henderson, who is senior manager for incident response at security firm Pondurance, told CNN.

    “Nearly all hospitals rely on the internet for connectivity with vendors and remote offices for processing information in critical departments such as radiology, pharmacy, medical device maintenance, patient document scanning and payment processing,” Henderson added.


  • Ransomware attack closes schools in Nantucket | CNN Politics

    CNN —

    A ransomware attack forced the closure Tuesday of four public schools serving 1,700 students on the island of Nantucket, Massachusetts, the school district’s superintendent said in an email to parents.

    The hacking incident shut down all student and staff devices, as well as safety and security systems at Nantucket Public Schools, forcing an early dismissal at noon on Tuesday, Superintendent Elizabeth Hallett said in the email, which she shared with CNN.

    The news came as Tucson Unified School District (TUSD), which calls itself the largest pre-K-12 school district in southern Arizona, also suffered a ransomware attack in recent days, according to local news reports. Representatives of TUSD did not respond to emails seeking comment. There was no evidence that the two incidents were related.

    Ransomware – malicious software that locks computers and holds them for ransom – has for years plagued US schools and other organizations that can be short on money and personnel to defend themselves from hacks.

    The hacks often force schools to temporarily close, further disrupting learning during the coronavirus pandemic. The lack of cybersecurity budgeting at primary schools is a “major constraint to implementing effective cybersecurity programs across all K–12 entities,” the federal US Cybersecurity and Infrastructure Security Agency warned in a report this month.

    Nantucket Public Schools includes an elementary, middle and high school, and serves Nantucket, which is about 30 miles south of Cape Cod, Massachusetts.

    Athletic events at the school were still scheduled to proceed. “No school issued devices should be used at home until further notice, as it could compromise home networks,” Hallett said in her email to parents.

    “We do not have any updates yet on when we will return,” Hallett told CNN in a separate email.

    There have already been five ransomware attacks on US school districts in January, according to a tally from Brett Callow, a threat analyst at cybersecurity firm Emsisoft. Forty-five US school districts operating 1,981 schools were hit by ransomware in 2022, according to Emsisoft.

    A year ago, New Mexico’s largest public school district had to close temporarily after a cyberattack hit computer systems that could affect learning and student safety.

    “The ransomware attacks on school districts across the country are a stark reminder that as a country we need to ensure our citizens are cyber literate,” Kevin Nolten, vice president of Cyber Innovation Center, a not-for-profit supported by federal grant money that promotes cybersecurity curricula in K-12 schools, told CNN.

    “Cybersecurity education is a national security issue and we must educate our country on protecting our most critical infrastructure from malicious attacks,” Nolten said in an email pointing to the high demand for cybersecurity skills in the workforce.


  • New US ransomware strategy prioritizes victims but could make it harder to catch cybercriminals | CNN Politics

    Washington (CNN) —

    US and European law enforcement’s disruption last week of a $100-million ransomware gang is the clearest public example yet of a new high-stakes strategy from the Biden administration to prioritize protecting victims of cybercrime – even if it means tipping off suspects and potentially making it harder to arrest them.

    The extent to which the FBI and Justice Department can carry out similar operations on other ransomware groups – and get the balance right between when to collect intelligence on hackers’ operations and when to shut down computer networks – could affect how acute the threat of ransomware attacks is to US critical infrastructure for years to come.

    In the case revealed last week, the FBI says it had extraordinary access for six months to the computer infrastructure of a Russian-speaking ransomware group known as Hive, which had extorted more than $100 million from victims worldwide, including hospitals. That covert access, officials said, allowed the FBI to pass “keys” to victims so that they could decrypt their systems and thwart $130 million in ransom payments.

    Justice officials are still trying to arrest the people behind Hive and know where some of them are located, a senior Justice Department official told CNN. But sometimes waiting for an arrest before seizing hacking infrastructure “may mean waiting for a very long time – perhaps an unacceptably long time,” the official said in an interview granted on the condition of anonymity to discuss the case.

    The decision to go public with a splashy news conference, fronted by FBI Director Christopher Wray and Attorney General Merrick Garland, before making any arrests is evidence of a new approach to ransomware attacks, which cost the US hundreds of millions of dollars, if not billions, annually.

    The strategy shift toward doing more to help victims of cybercrime – announced a year ago – is loosely based on the US government’s approach to counterterrorism, which centers around disrupting plots and thwarting attacks.

    “I was preparing for this to be public long, long ago and was kind of surprised that we were able to do this for this long,” the senior Justice Department official said of US officials’ covert access to Hive computer servers.

    After multiple ransomware attacks hobbled US critical infrastructure firms in 2021, pressure grew on US law enforcement from Congress, the White House and the public to do more to disrupt the hackers’ operations.

    Still, the FBI announcement raised questions about why the bureau decided to go public with the action now rather than continuing to lurk in the Hive hackers’ networks and collect intelligence. And it is possible or even likely, US officials concede, that Hive’s operators will set up new infrastructure to try to resume their extortion attempts.

    One law enforcement source told CNN the timing made sense because US officials may have exhausted the intelligence they were going to glean from Hive’s servers.

    The senior Justice Department official explained the decision this way: “We saw significant value in the reputational damage we were going to incur against Hive by announcing this.”

    As in other businesses, customers of ransomware gangs have a choice of whom they buy hacking tools from. One goal of the operation, the senior Justice official said, was to “discredit” Hive in the eyes of other ransomware criminals and have a psychological effect on their operations.

    “Other [ransomware] groups will watch this and have to spend more time and money securing their infrastructure,” said Bill Siegel, CEO of Coveware, a cybersecurity firm that works closely with victims and the FBI.

    The spate of significant ransomware attacks in the US in 2021 brought more scrutiny to how quickly the FBI and its partners can mitigate the impact of the attacks.

    After a July 2021 ransomware attack on a Florida-based software firm compromised up to 1,500 businesses, multiple US government agencies, including the FBI, deliberated about how and when to get the decryptor to victims. At least one victim organization, a Maryland tech firm, complained that they could have used the decryption key earlier to save on recovery costs, the Washington Post reported.

    US officials weigh a number of factors when considering law enforcement operations to disrupt cybercriminal groups, a senior FBI official told CNN, including how the disruption will impact the broader cybercriminal ecosystem, how the FBI can help victims of the hackers recover, and the long-term “pursuit of justice” for the victims.

    “Each case is different as far as what access [to the hackers’ infrastructure] looks like … what can be done quietly versus noisily,” the senior FBI official said. “Those all go into it.”

    John Riggi, a former senior FBI official who is now national adviser for cybersecurity and risk at the American Hospital Association, applauded the disruption of Hive and hoped the crackdown on ransomware groups would continue. But ransomware attacks on health care organizations will likely continue as long as the hackers are getting paid off and are willing to tolerate the risk of carrying out the attacks, Riggi said.

    Some cybercriminals “still view their attacks on hospitals as primarily data and financially motivated,” he told CNN.

    One lingering problem for the FBI: Not enough victims are reporting ransomware attacks, leaving the bureau in the dark about the scope of the threat. Just 20% of Hive’s victims reported an incident to the FBI, Director Christopher Wray said last week.

    “I still think that people have concerns that when they call the FBI that we’re going to come in with coats and we’re going to take their servers and they’re going to lose control of their business,” the senior FBI official told CNN. “And that’s so far from the truth, but most people are not interacting with the FBI on a daily basis.”


  • Scammers posed as tech support to hack employees at two US agencies last year, officials say | CNN Politics

    CNN —

    Cybercriminals hacked employees of at least two US federal civilian agencies last year as part of a “widespread” fraud campaign that sought to steal money from individuals’ bank accounts, US cybersecurity officials revealed Wednesday.

    In one case, the unidentified hackers posed as tech support, convinced a federal employee to call them and then instructed the federal employee to visit a malicious website, according to the advisory from the US Cybersecurity and Infrastructure Security Agency, National Security Agency and a threat-sharing center for state and local governments known as MS-ISAC.

    The goal of the scam, which appears to have hit both private sector and government agencies, was to trick victims into sending the scammers money. It was unclear if that happened in the case of the federal employees.

    The episodes underscore how federal officials, like others, can be duped into sharing sensitive financial information – and that they might not find out about it for weeks or months afterward.

    CISA discovered the activity in October 2022, but the hackers had been sending phishing emails to federal employees’ personal and government email accounts since at least June, according to the advisory.

    Forensic analysis “identified related activity” on many other federal networks in addition to the two initial agency victims, the advisory said.

    While financially motivated crooks were apparently behind this campaign, the US agencies said they were concerned such hackers could sell stolen data to government-backed spies. The legitimate tech-support software used in the scam is useful for hackers looking to maintain covert, long-term access to a network, officials said.


  • Republican lawmaker indicates Congress will investigate TSA no-fly list breach | CNN Politics

    CNN —

    Rep. Dan Bishop, a Republican from North Carolina who serves on the House Homeland Security Committee, said Congress “will be coming for answers” after a hacker revealed that the Transportation Security Administration’s no-fly list of known or suspected terrorists had been accessible on an unsecured computer server.

    “The entire US no-fly list – with 1.5 million+ entries – was found on an unsecured server by a Swiss hacker,” Bishop said in a tweet. “Besides the fact that the list is a civil liberties nightmare, how was this info so easily accessible?”

    Bishop indicated Congress will investigate the data exposure, which was revealed on Friday.

    “We’ll be coming for answers,” Bishop said, potentially making the breach the latest in a long list of inquiries House Republicans have pledged to launch now that they control the lower chamber.

    CNN has contacted the committee for comment.

    In an earlier statement to CNN, the TSA said Friday it is “aware of a potential cybersecurity incident, and we are investigating in coordination with our federal partners.”

    The data was sitting on the public internet in an unsecured computer server hosted by CommuteAir, a regional airline based in Ohio, according to the hacker claiming the discovery, CNN previously reported.

    The hacker, who also describes herself as a cybersecurity researcher, previously told CNN she notified CommuteAir of the data exposure.

    The regional airline said in a statement that the data accessed by the hacker was “an outdated 2019 version of the federal no-fly list” that included names and birthdates.

    The no-fly list is a set of known, or suspected, terrorists, who are barred from flying to or in the US. The screening program grew out of the September 11, 2001, terrorist attacks and involves airlines comparing their passenger records with federal data to keep dangerous people off planes.

    CNN previously reported that CommuteAir, which exclusively operates 50-seat regional flights for United Airlines from Washington Dulles, Houston and Denver hubs, said it took the affected computer server offline after a “member of the security research community” had contacted the airline.

    The Daily Dot, a tech news outlet, first reported the data exposure.


  • 37 million T-Mobile customers were hacked | CNN Business

    New York (CNN) —

    T-Mobile said a “bad actor” accessed personal data from 37 million current customers in a November data breach.

    In a regulatory filing Thursday, the company said the hacker stole customer data that included names, billing addresses, emails, phone numbers, dates of birth, T-Mobile account numbers and information describing the kind of service they have with the wireless carrier. T-Mobile said no social security numbers, credit card information, government ID numbers, passwords, PINs or financial information were exposed in the hack.

    Nevertheless, that information can be compiled with other stolen or publicly available information and used by scammers to steal people’s identities or money. T-Mobile said it is working with law enforcement and has begun to notify customers whose information may have been breached.

    The wireless carrier didn’t indicate what it might do to remedy the situation. It noted that it could be on the hook for “significant expenses” because of the hack, although the company said it doesn’t expect the charges will have a material effect on T-Mobile’s bottom line.

    After T-Mobile (TMUS) learned about the data breach, the company said it hired an external cybersecurity team to investigate. T-Mobile said it identified the source of the breach and stopped it within a day of discovering it. The company says it continues to investigate the breach but believes it is “fully contained.” It also noted that T-Mobile’s systems and network do not appear to have been hacked.

    “Protecting our customers’ data remains a top priority,” T-Mobile said in a statement. “We will continue to make substantial investments to strengthen our cybersecurity program.”

    The company noted that it began a “substantial, multi-year investment” in 2021 to improve its cybersecurity capabilities and protections.


  • Hackers post email addresses linked to 200 million Twitter accounts, security researchers say | CNN Business

    CNN —

    Email addresses linked to more than 200 million Twitter profiles are currently circulating on underground hacker forums, security experts say. The apparent data leak could expose the real-life identities of anonymous Twitter users and make it easier for criminals to hijack Twitter accounts, the experts warned, or even victims’ accounts on other websites.

    The trove of leaked records also includes Twitter users’ names, account handles, follower numbers and the dates the accounts were created, according to forum listings reviewed by security researchers and shared with CNN.

    “Bad actors have won the jackpot,” said Rafi Mendelsohn, a spokesman for Cyabra, a social media analysis firm focused on identifying disinformation and inauthentic online behavior. “Previously private data such as emails, handles, and creation date can be leveraged to build smarter and more sophisticated hacking, phishing and disinformation campaigns.”

    Some reports suggested the data was collected in 2021 through a bug in Twitter’s systems that the company fixed in early 2022; a separate incident disclosed in July 2022, involving 5.4 million Twitter accounts, showed that the same flaw had been exploited before it was patched.

    Troy Hunt, a security researcher, said Thursday that his analysis of the data “found 211,524,284 unique email addresses” that had been leaked. The Washington Post earlier reported a forum listing promoting the data of 235 million accounts.

    Hunt did not immediately respond to a question from CNN asking whether the records would be added to his website, haveibeenpwned.com, which allows users to search hacked records to determine if they have been affected. CNN has not independently verified the records’ authenticity.

    Twitter didn’t immediately respond to a request for comment. Its communications team, along with roughly half of Twitter’s overall workforce, was gutted after billionaire Elon Musk completed his acquisition of the company in late October. The significant staff reductions could add to concerns about the company’s ability to respond to security threats.

    The breadth of the leaked data could allow malicious actors or repressive governments to connect anonymous Twitter handles with the real names or email addresses of their owners, potentially unmasking dissidents, journalists, activists or other at-risk users around the world, security researchers warn.

    “For those people, this is a very consequential breach,” said John Scott-Railton, a security researcher at The University of Toronto’s Citizen Lab.

    The account data could also be valuable to hackers who can use the information as part of password-reset attempts and account takeovers. The risk is particularly high for individuals who use the same account credentials on Twitter as they do for other digital services such as banks or cloud storage, researchers said, because hackers could take information gleaned from the leak to pry open user accounts elsewhere.

    Verified Twitter users caught up in the apparent leak, or users with particularly large followings, will be especially valuable targets, security experts warned, as those account holders may be influential celebrities or susceptible to extortion.

    To protect themselves from phishing attempts, internet users should use unique passwords for each online service and keep track of them using a digital password manager, security researchers say. They should also enable multi-factor authentication for each of their accounts, and exercise caution when opening unsolicited email or links.

    According to the cybersecurity news outlet BleepingComputer, which said it examined the data, the latest dump appears similar to a leaked dataset advertised on hacking forums in November containing an alleged 400 million records, but slimmed down to eliminate some duplicate records. Twitter has not commented on that leak.

    Reports of the leak could expand Twitter’s already significant legal and regulatory risk.

    In December, Twitter’s main European privacy regulator, the Irish Data Protection Commission, said it is investigating the July 2022 leak as a possible violation of Europe’s signature privacy law, known as GDPR.

    Last summer, the company’s former head of security, Peiter “Mudge” Zatko, filed a whistleblower report to the US government alleging long-ignored security vulnerabilities in Twitter’s operations. Zatko claimed that Twitter’s shortcomings on security reflected a breach of Twitter’s binding commitments to the Federal Trade Commission, a serious offense. (Twitter broadly and repeatedly pushed back at Zatko’s allegations.)

    Successive incidents at Twitter have led to the company signing two consent orders with the FTC since 2011 to improve its cybersecurity posture. Violations of FTC orders can lead to fines, business restrictions and even sanctions targeting individual executives.

    In November, top Twitter officials responsible for privacy and security resigned from the company, just days after Musk closed his purchase of the platform and amid the mass layoffs that in some cases cut whole departments.


  • Hackers stole data from multiple electric utilities in recent ransomware attack | CNN Politics

    CNN —

    Hackers stole data belonging to multiple electric utilities in an October ransomware attack on a US government contractor that handles critical infrastructure projects across the country, according to a memo describing the hack obtained by CNN.

    Federal officials have closely monitored the incident for any potential broader impact on the US power sector while private investigators have combed the dark web for the stolen data, according to the memo sent this month to power company executives by the North American grid regulator’s cyberthreat sharing center.

    The previously unreported incident is a window into how ransomware attacks on critical US companies are handled behind the scenes as lawyers and federal investigators quietly spring into action to determine the extent of the damage.

    The ransomware attack hit Chicago-based Sargent & Lundy, an engineering firm that has designed more than 900 power stations and thousands of miles of power systems and that holds sensitive data on those projects.

    The firm also handles nuclear security issues, working with the departments of Defense, Energy and other agencies “to strengthen nuclear deterrence” and keep weapons of mass destruction out of terrorists’ hands, according to its website.

    Two people familiar with the investigation of the Sargent & Lundy hack told CNN that the incident was contained and remediated, and didn’t appear to have a broader impact on other power-sector firms.

    There is no sign that data stolen from Sargent & Lundy, which includes “model files” and “transmission data” the firm uses for utility projects, is on the dark web, according to the memo from the Electricity Information Sharing and Analysis Center.

    But security experts have long been concerned that schematics held by electric and nuclear power contractors could be dumped online and used for follow-on physical or cyberattacks on those facilities.

    “These are literally the configurations for your programmable logic controllers, your relays,” said longtime security consultant Patrick Miller, referring to critical electric equipment that keeps the lights on. “We’re really concerned about the data that’s in those organizations.”

    Those concerns are particularly acute following a spate of physical attacks and vandalism at electric utilities in multiple states. Tens of thousands of people lost power in Moore County, North Carolina, this month after Duke Energy substations were damaged by gunfire. On Christmas, thousands of people lost power in a Washington county after someone vandalized multiple substations there.

    “We’re fully recovered from the incident, which had minimal impact on our normal business operations,” Brenda Romero, a spokesperson for Sargent & Lundy, said in a statement to CNN. Romero said the firm “notified law enforcement” of the hack.

    Romero declined to answer further questions on the ransomware attack, including whether the hackers had tried to extort Sargent & Lundy, citing an ongoing investigation.

    The Biden administration has urged companies to share data on such hacks as US officials have tried to get a grip on the epidemic of ransomware, which has cost critical infrastructure firms many millions of dollars.

    The hackers that hit Sargent & Lundy used a strain of ransomware known as Black Basta that first surfaced early this year, according to two people familiar with the investigation. Scores of Black Basta attacks have been reported since April, according to cybersecurity firm Palo Alto Networks. The hackers steal data from their victims to give them added leverage in ransom negotiations.

    Sargent & Lundy is one of several engineering firms whose work on critical infrastructure projects cuts across different sectors of the economy. For US cybersecurity officials, this engineering work can be harder to evaluate in terms of its risk to supply chain security than a firm that only makes software.

    Federal regulations require electric utilities to maintain certain cybersecurity standards for protecting their systems from hacks. Companies that contract with those utilities, such as Sargent & Lundy, aren’t necessarily held to the same standard and are instead bound by the security requirements in the contract, experts told CNN.

    “Utilities are effectively allowed to accept as much risk as they want,” said Miller, who is CEO of Oregon-based Ampere Industrial Security, a consulting firm. “Is it perfect? No, but [the contractors] are being assessed [for their security] in some ways through the utilities.”


  • Brooklyn hospital network reverts to paper charts for weeks after cyberattack | CNN Business

    New York (CNN) —

    A network of three hospitals in Brooklyn, New York, has had to work off paper charts for weeks following a cyberattack on its computer systems in late November, the hospital group’s chief executive told CNN Monday.

    The hack affected “clinical applications,” including “those used for imaging and other critical services,” but many of those applications have been restored, One Brooklyn Health CEO LaRay Brown said in an email.

    It’s an example of how hacking incidents have continued to hamper hospitals as the coronavirus pandemic drags on — and of how recovering from the hacks can be painstaking and disruptive for hospital staff.

    One Brooklyn Health operates Brookdale University Hospital Medical Center, Interfaith Medical Center and Kingsbrook Jewish Medical Center.

    One staff member at Brookdale told the New York Times that, because of the hack, diagnostic imaging at the medical center had to be sent out to a third party provider rather than done in-house.

    “No patients were adversely affected,” Brown told CNN in an email Monday, adding that the hospitals remain open to patients. “We continue to provide care for our patients using downtime procedures for which our clinicians and administrators have been trained.”

    More than 80% of the computer workstations that One Brooklyn Health doctors and staff use to support hospital operations have been restored, Brown said. Hospital administrators have begun putting some clinical data into patients’ electronic medical records, she added.

    Brown did not answer questions about whether One Brooklyn Health was dealing with a ransomware attack, which locks up computer systems until a ransom is paid. But plenty of other hospitals across the country have had to deal with such extortion attempts.

    One IT administrator at a 100-bed hospital in Florida recounted to CNN how he shut down the facility’s computer systems in January to prevent a ransomware attack from spreading throughout the hospital.

    Many hospitals in rural or poor areas do not have the resources to defend their networks from hackers.

    “Cyber safety and resilience cannot be allowed to break across socioeconomic lines,” said Joshua Corman, who helped lead a taskforce at the US Cybersecurity and Infrastructure Security Agency to protect coronavirus research from hacking. “The majority of US hospitals are target-rich, but cyber poor.”

    The cybersecurity of computer networks that can affect human safety “needs to become a national priority,” said Corman, now a vice president at cybersecurity firm Claroty.

    Brookdale Hospital is located in the Brownsville neighborhood of Brooklyn, one of the poorest areas in New York City. It was so overwhelmed and desperate for resources at the height of the coronavirus pandemic in New York that one doctor told CNN at the time that his hospital had become “a war zone.”

    – CNN’s Sarah Boxer contributed to this report

  • Apple plans to expand encryption of iCloud data | CNN Business

    CNN Business —

    Apple on Wednesday said it plans to expand end-to-end encryption of iCloud data to include backups, photos, notes, chat histories and other services, in a move that could further protect user data but also add to tensions with law enforcement around the world.

    Among a handful of new security tools is a feature called Advanced Data Protection which will allow users to keep certain data more secure from hackers, governments and spies, even in the case of an Apple data breach. In addition, law enforcement would not be able to gain access to that data even with a warrant. With end-to-end encryption, not even the platform can access the data, only the sender and recipient.

    As a result, Apple would be unable to comply with requests to share this data stored in the cloud to officials as part of an investigation. Apple has previously clashed with law enforcement over attempts to access data on devices, including an effort by the FBI to break into the iPhone of one of the shooters behind the 2015 attack in San Bernardino, California.

    In recent years, Apple has increasingly made privacy a core pillar of its pitch to users through a mix of new tools, including a feature designed to protect journalists and human rights workers from spyware. The company framed the latest move as part of an effort to combat “increasingly sophisticated and complex” threats to user data from bad actors, as well as from a spike in the number of data breaches.

    Privacy groups have urged Apple for years to increase encryption for iCloud backups. In an interview with the Wall Street Journal, Craig Federighi, Apple’s senior vice president of software engineering, said some of the steps it took over a decade ago in designing iCloud and the way it encrypts its data were “necessary precursors to build toward this moment.”

    In a blog post, Apple (AAPL) said iCloud already protects 14 sensitive data categories using end-to-end encryption by default, including passwords in iCloud Keychain and Health data, and it is adding nine new categories. Not included in the new list, however, is encryption for iCloud Mail, Contacts, and Calendar due to interoperability challenges, Apple said.

    Matthew Green, a cryptographer and associate professor at the Johns Hopkins Information Security Institute, believes Apple’s increased effort will set a standard for others to increase encryption.

    “Why is this a big deal? Because Apple sets the standard on what secure (consumer) cloud backup looks like,” Green said in a series of tweets on Wednesday. “Even as an opt-in feature, this move will have repercussions all over the industry as competitors chase them.”

    In a statement Wednesday, the FBI said it “continues to be deeply concerned with the threat end-to-end and user-only-access encryption pose.”

    “This hinders our ability to protect the American people from criminal acts ranging from cyber-attacks and violence against children to drug trafficking, organized crime and terrorism,” the FBI said in the statement. “End-to-end and user-only-access encryption erodes law enforcement’s ability to combat these threats and administer justice for the American public.”

    – CNN’s Sean Lyngaas contributed to this report

  • FDA requires medical devices be secured against cyberattacks | CNN Business

    New York CNN —

    The Food and Drug Administration will now require that medical devices meet specific cybersecurity guidelines after years of concerns that a growing number of internet-connected products used by hospitals and healthcare providers could be hit by hacks and ransomware attacks.

    Under FDA guidance issued this week, all new medical device applicants must now submit a plan on how to “monitor, identify, and address” cybersecurity issues, as well as create a process that provides “reasonable assurance” that the device in question is protected. Applicants will also need to make security updates and patches available on a regular schedule and in critical situations, and provide the FDA with “a software bill of materials,” including any open-source or other software their devices use.

    The new security requirements came into effect as part of the sweeping $1.7 trillion federal omnibus spending bill signed by President Joe Biden in December. As part of the new law, the FDA must also update its medical device cybersecurity guidance at least every two years.

    A 2022 report released by the FBI cited research finding 53% of digital medical devices and other internet-connected products in hospitals had known critical vulnerabilities. The report listed a number of medical devices that are susceptible to cyberattacks, including insulin pumps, intracardiac defibrillators, mobile cardiac telemetry and pacemakers.

    “Malign actors who compromise these devices can direct them to give inaccurate readings, administer drug overdoses, or otherwise endanger patient health,” according to the FBI report.

    In 2021, a group of researchers investigating software used in medical devices and machinery used in other industries found over a dozen vulnerabilities that, if exploited by a hacker, could cause critical equipment such as patient monitors to crash.

    The FDA has faced criticisms over the years for not doing enough.

    A 2018 report from the US Department of Health and Human Services’ Office of the Inspector General said the FDA was not adequately protecting devices from getting hacked.

    “FDA had plans and processes for addressing certain medical device problems in the postmarket phase, but its plans and processes were deficient for addressing medical device cybersecurity compromises,” the report said.

  • UK citizen extradited to US pleads guilty to 2020 Twitter hack | CNN Business

    Reuters —

    A citizen of the United Kingdom who was extradited to New York from Spain last month has pleaded guilty to cyberstalking and computer hacking schemes, including the 2020 hack of the social media site Twitter, the U.S. Justice Department said on Tuesday.

    Joseph James O’Connor, 23, was charged in both North Dakota and New York. The North Dakota case was transferred to the U.S. District Court for the Southern District of New York.

    O’Connor pleaded guilty to charges including conspiring to commit computer intrusions, to commit wire fraud and to commit money laundering.

    O’Connor, who was extradited to the U.S. on April 26, will also forfeit more than $794,000 and pay restitution to victims, prosecutors said. He faces a maximum of 77 years in prison at sentencing on June 23.

    “O’Connor’s criminal activities were flagrant and malicious, and his conduct impacted multiple people’s lives. He harassed, threatened, and extorted his victims, causing substantial emotional harm,” Assistant Attorney General Kenneth Polite said in a statement.

    Prosecutors said the schemes included gaining unauthorized access to social media accounts on Twitter in July 2020 as well as a TikTok account in August 2020. Along with his co-conspirators, O’Connor stole at least $794,000 worth of cryptocurrency.

    The July 2020 Twitter attack hijacked a variety of verified accounts, including those of then-Democratic presidential candidate Joe Biden and Tesla CEO Elon Musk, who now owns Twitter.

    The accounts of former President Barack Obama, reality TV star Kim Kardashian, Bill Gates, Warren Buffett, Benjamin Netanyahu, Jeff Bezos, Michael Bloomberg and Kanye West were also hit.

    The alleged hacker used the accounts to solicit digital currency, prompting Twitter to prevent some verified accounts from publishing messages for several hours until security could be restored.

  • Biden picks Air Force general to lead NSA and Cyber Command | CNN Politics

    CNN —

    President Joe Biden has nominated an Air Force general to head the nation’s powerful electronic spying agency and the US military command that conducts offensive cyber operations – a crucial position as the US continues to battle Russia, China and other foes in cyberspace.

    Lt. Gen. Timothy Haugh, who has served for years in senior US military cyber positions, is Biden’s choice to replace outgoing Army Gen. Paul Nakasone as head of the National Security Agency and US Cyber Command, an Air Force official confirmed to CNN.

    Politico first reported on Haugh’s nomination.

    The White House did not respond to a request for comment.

    Haugh’s nomination could face a roadblock in the Senate after Republican Sen. Tommy Tuberville of Alabama put a hold on senior military nominations because he objects to the department’s abortion travel policy.

    Haugh is currently deputy of US Cyber Command, a command of thousands of US military personnel who conduct offensive and defensive cyber operations to protect US critical infrastructure. Officials from the command traveled to Ukraine in late 2021 to prepare Kyiv for an onslaught of Russian cyberattacks that accompanied the full-scale Russian invasion.

    The command and NSA also have taken an increasingly active role in helping defend American elections from foreign interference under Nakasone’s leadership over the last five years.

    During the 2020 election, Iranian hackers accessed a US municipal website for reporting unofficial election results and Cyber Command kicked the hackers off the network out of concern that they might post fake results on the website, a senior US military official revealed last month.

    Haugh’s nomination signals a continued emphasis on election security work at Fort Meade, the sprawling military base in Maryland where the NSA and Cyber Command are housed. As a senior US military cyber official, Haugh has been involved in election security discussions in recent midterm and general elections.

  • Dutch watchdog looking into alleged Tesla data breach | CNN Business

    Reuters —

    The data protection watchdog for the Netherlands said on Friday it was aware of possible Tesla data protection breaches, but it was too early for further comment.

    Germany’s Handelsblatt reported on Thursday that Elon Musk’s Tesla had allegedly failed to adequately protect data from customers, employees and business partners, citing 100 gigabytes of confidential data leaked by a whistleblower.

    “We are aware of the Handelsblatt story and we are looking into it,” said a spokesperson for the AP data watchdog in the Netherlands, where Tesla’s European headquarters is located.

    They declined all comment on whether the agency might launch or have launched an investigation, citing policy. The Dutch agency was informed by its counterpart in the German state of Brandenburg.

    Handelsblatt said Tesla notified the Dutch authorities about the breach, but the AP spokesperson said they were not aware if the company had made any representations to the agency.

    Tesla was not immediately available for comment on Friday on the Handelsblatt report, which said customer data could be found “in abundance” in a data set labelled “Tesla Files”.

    The data protection office in Brandenburg, which is home to Tesla’s European gigafactory, described the data leak as “massive”.

    “I can’t remember such a scale,” Brandenburg data protection officer Dagmar Hartge said, adding that the case had been handed to the Dutch authorities who would be responsible if the allegations led to an enforcement action.

    The Dutch authorities have several weeks to decide whether to deal with the case as part of a European procedure, she added.

    The files include tables containing more than 100,000 names of former and current employees, including the social security number of Tesla CEO Musk, along with private email addresses, phone numbers, salaries of employees, bank details of customers and secret details from production, Handelsblatt reported.

    The breach would violate the GDPR, it said.

    If such a violation was proved, Tesla could be fined up to 4% of its annual sales, which could be 3.26 billion euros.

    German union IG Metall said the revelations were “disturbing” and called on Tesla to inform employees about all data protection violations and promote a culture in which staff could raise problems and grievances openly and without fear.

    “These revelations … fit with the picture that we have gained in just under two years,” said Dirk Schulze, IG Metall incoming district manager for Berlin, Brandenburg and Saxony.

    Handelsblatt quoted a lawyer for Tesla as saying a “disgruntled former employee” had abused their access as a service technician, adding that the company would take legal action against the individual it suspected of the leak.

    Citing the leaked files, the newspaper reported about thousands of customer complaints regarding the carmaker’s driver assistance systems with around 4,000 complaints on sudden acceleration or phantom braking.

    Last month, a Reuters report showed that groups of Tesla employees privately shared via an internal messaging system sometimes highly invasive videos and images recorded by customers’ car cameras between 2019 and 2022.

    This week, Facebook parent Meta was hit with a record 1.2 billion euro ($1.3 billion) fine by its lead European Union privacy regulator over its handling of user information and given five months to stop transferring user data to the U.S.

  • Russian-speaking cyber gang claims credit for hack of BBC and British Airways employee data | CNN Business

    CNN —

    A group of Russian-speaking cyber criminals has claimed credit for a sweeping hack that has compromised employee data at the BBC and British Airways and left US and UK cybersecurity officials scrambling to respond.

    The hackers, known as the CLOP ransomware gang, say they have “information on hundreds of companies.” They’ve given victims until June 14 to discuss a ransom before they start publishing data from companies they claim to have hacked, according to a dark web posting seen by CNN.

    The extortion threat adds urgency to an already high-stakes security incident that has forced responses from tech firms, corporations and government agencies from the US to Canada and the UK.

    The compromise of employee data at the BBC and British Airways came via a breach of a human resources firm, Zellis, that both organizations use.

    “We are aware of a data breach at our third-party supplier, Zellis, and are working closely with them as they urgently investigate the extent of the breach,” a BBC spokesperson told CNN Wednesday. The spokesperson declined to comment on the hackers’ extortion threat.

    A British Airways spokesperson said the company had “notified those colleagues whose personal information has been compromised to provide support and advice.”

    The hackers — a well-known group whose favored malware emerged in 2019 — last week began exploiting a new flaw in a widely used file-transfer software known as MOVEit, appearing to target as many exposed organizations as they could. The opportunistic nature of the hack left a broad swath of organizations vulnerable to extortion.

    Numerous US state government agencies use the MOVEit software, but it’s unclear how many agencies, if any, have been compromised.

    The US Cybersecurity and Infrastructure Security Agency has ordered all federal civilian agencies to update the MOVEit software in light of the hack. No federal agencies have been confirmed as victims, a CISA spokesperson told CNN.

    Together with the Federal Bureau of Investigation, CISA also released advice on dealing with the CLOP hack. Progress, the US firm that owns the MOVEit software, has also urged victims to update their software packages and has issued security advice.

    CISA Executive Director for Cybersecurity Eric Goldstein said in a statement: “CISA remains in close contact with Progress Software and our partners at the FBI to understand prevalence within federal agencies and critical infrastructure.”

    But the effort to respond to the cyber attack is very much ongoing.

    The CLOP hackers are “overwhelmed with the number of victims,” according to Charles Carmakal, chief technology officer at Mandiant Consulting, a Google-owned firm that has investigated the hack. “Instead of directly reaching out to victims over email or telephone calls like in prior campaigns, they are asking victims to reach out to them via email,” he said on LinkedIn Tuesday night.

    Allan Liska, a ransomware expert at cybersecurity firm Recorded Future, also told CNN: “Unfortunately, the sensitive nature of the data often stored on MOVEit servers means there will likely be real consequences stemming from the [data theft] but it will be months before we understand the full fallout from this attack.”

  • Hackers threaten to leak stolen Reddit data if company doesn’t pay $4.5 million and change controversial pricing policy | CNN Business

    CNN —

    Reddit’s month may be going from bad to worse.

    Hackers from the BlackCat ransomware gang, also known as ALPHV, are threatening to leak 80 gigabytes of confidential data from Reddit that they claim to have stolen during a February breach, according to a post from the group on the dark web, which was reviewed by CNN and an independent cybersecurity expert.

    In their post, the hackers claim they first demanded a $4.5 million payout “for the deletion of the data and our silence” in April. After receiving no response, the group said it followed up on Friday with an additional demand: Reddit should withdraw a controversial new pricing policy that has sparked a protest from some of the platform’s most influential users.

    Reddit CTO Chris Slowe previously posted about a security incident that took place in early February. In the post, Slowe said the company’s “systems were hacked as a result of a sophisticated and highly-targeted phishing attack,” with hackers accessing “some internal documents, code, and some internal business systems.” Only employee data was accessed, according to the post.

    A Reddit spokesperson confirmed to CNN on Monday that BlackCat’s post relates to the February incident. The spokesperson reiterated that no user data was accessed, but declined to comment beyond that.

    More than 6,000 Reddit forums went dark last Monday in what was supposed to be a two-day protest over the company’s plan to begin charging steep fees for some third-party apps to access its platform. A week later, more than 3,500 Reddit forums remain dark.

    While the ransom note appears to support the protestors’ cause, some experts are skeptical of BlackCat’s actual motives.

    “I suspect that ALPHV doesn’t actually care about the API pricing. They simply want future victims to see how much ongoing harm they can cause to increase the likelihood of them deciding that payment is the least painful option,” said Brett Callow, threat analyst at cybersecurity firm Emsisoft, who reviewed the post on the dark web.

    BlackCat, for its part, said it does not expect Reddit to meet its demands.

    “We are very confident that Reddit will not pay for its data,” the group wrote in the post on the dark web. “We expect to leak the data.”

  • SolarWinds chief vows to fight any legal action from US regulators over alleged Russian hack | CNN Business

    CNN —

    The chief executive of US software firm SolarWinds told employees Friday that “we intend to vigorously defend ourselves” in the face of potential legal action from US regulators over the firm’s handling of a sweeping 2020 breach by alleged Russian hackers, according to an internal SolarWinds email obtained by CNN.

    The US Securities and Exchange Commission has informed current and former SolarWinds executives that it intends to recommend “civil enforcement action” alleging the company broke federal securities laws in its public statements and “internal controls” related to the hack, SolarWinds said in a filing with regulators on Friday.

    The hackers – who the Biden administration said worked for the Russian foreign intelligence service – allegedly used SolarWinds software to access the unclassified email networks of the departments of Justice, Homeland Security and other agencies in a cybersecurity and counterintelligence failure that US officials vowed to rectify.

    The SEC notice is an indication that US regulators are moving closer to bringing a civil lawsuit against SolarWinds that could result in fines or other penalties. A so-called Wells notice from the enforcement agency is not a formal charge or determination that a defendant broke the law.

    “Despite our extraordinary measures to cooperate with and inform the SEC, they continue to take positions we do not believe match the facts,” SolarWinds CEO Sudhakar Ramakrishna said in the email to employees.

    SolarWinds “will continue to explore a potential resolution of this matter before the SEC makes any final decision,” Ramakrishna said, adding that the SEC investigation could be a “distraction” to employees in the coming months.

    The SEC did not respond to CNN’s request for comment Friday night. The Biden administration has increasingly embraced regulation as a means of forcing big software providers and critical infrastructure firms to improve their cybersecurity practices.

    “We are cooperating in a long investigative process that seems to be progressing to charges by the SEC against our company and officers,” a SolarWinds spokesperson said in a statement to CNN. “Any potential action will make the entire industry less secure by having a chilling effect on cyber incident disclosure.”

    Austin, Texas-based SolarWinds maintains that it acted appropriately in responding to the hack, which cybersecurity experts have called notable in its sophistication and scope. For several months in 2020, hackers used software made by SolarWinds and other technology firms to burrow into US government agencies and corporate victims in an apparent spying campaign.

    Moscow has denied involvement.

    After the hack became public, US lawmakers demanded answers from federal cybersecurity officials on why the hackers were undetected for so long, as well as criticized SolarWinds for its security practices prior to the hack.

    But SolarWinds says it has instituted numerous security reforms in the years since the hack, and has pushed that message of reform in public appearance with federal officials.

  • TSMC confirms supplier data breach following ransom demand by Russian-speaking cybercriminal group | CNN Business

    CNN —

    Taiwanese semiconductor giant TSMC confirmed Friday that one of its hardware suppliers was hacked and had data stolen from it, but said the incident had no impact on business operations.

    Confirmation of the breach came after Russian-speaking cybercriminals claimed TSMC as a victim on Thursday and demanded an extraordinary $70 million ransom from the semiconductor firm.

    There were no signs that TSMC or the hardware supplier, Taiwanese firm Kinmax, had any plans to pay the hackers (representatives from both companies didn’t respond to CNN’s questions about any ransom).

    TSMC — one of the world’s largest chipmakers and a key supplier to Apple (AAPL) — was quick to assure investors and the public that the hack had no impact on its operations and that it did not compromise its customers’ data.

    “After the incident, TSMC has immediately terminated its data exchange with this concerned supplier in accordance with the Company’s security protocols and standard operating procedures,” TSMC said in a statement to CNN.

    The hackers accessed Kinmax’s internal “testing environment” for the technology it prepares to deliver to customers, Kinmax said in a statement distributed by TSMC.

    “The leaked content mainly consisted of system installation preparation that the Company provided to our customers as default configurations,” Kinmax said. The company apologized to customers whose names may show up in the leaked data.

    Ransomware groups are known to exaggerate the value of the data they steal and make outlandish demands that are never met.

    LockBit is the name both of the group claiming responsibility for the hack of the TSMC supplier and of the ransomware it uses. LockBit ransomware was the most deployed ransomware around the world in 2022, according to US cybersecurity officials.

    Jon DiMaggio, an executive at security firm Analyst1 who has studied LockBit extensively, said the hackers will likely publish the stolen data or sell it if TSMC refuses to negotiate a ransom.

    For years, American officials and Taiwanese cybersecurity experts have looked to fortify the island’s infrastructure in the face of hacking threats.

    Taiwan’s chip industry is critical to the global hardware supply chain, making any potentially impactful cyberattacks on it a concern for government officials and business executives around the world.

    While the TSMC-related hacking incident doesn’t appear to have been impactful, a separate ransomware attack in 2020 on Taiwan’s state-run energy company temporarily disrupted some customers’ ability to pay for gas with company cards, according to local media reports at the time.

  • Japan’s largest port hit with ransomware attack | CNN Business

    New York CNN —

    Japan’s busiest shipping port said Thursday it would resume operations after a ransomware attack prevented the port from receiving shipping containers for two days.

    The expected restoration of the Port of Nagoya, a hub for car exports and an engine of the Japanese economy, will ease concerns about any wider economic fallout from the ransomware attack.

    The hacking incident began Tuesday when the computer system that handles shipping containers was knocked offline, according to a statement from the Nagoya Harbor Transportation Association. The hack forced the port to stop handling shipping containers that came to the terminal by trailer, the association said.

    Ransomware is a type of malicious software that typically locks the computers of a victim organization so that hackers can demand payment.

    This is the first reported ransomware attack on a Japanese port, and the incident has “created great concerns over the impact on the local economy and supply chain including the auto industry,” Mihoko Matsubara, chief cybersecurity strategist at NTT Corporation, a Japanese telecom firm, told CNN.

    Japanese media reported that LockBit, a type of ransomware linked with Russian-speaking hackers, was used in the hack.

    The LockBit cybercriminal group has been prolific in recent weeks, claiming Taiwanese semiconductor giant TSMC as a victim last week (TSMC said one of its hardware suppliers was hacked but the incident had no impact on TSMC’s business operations.)

    As of midday Thursday in Japan, there was no claim of responsibility for the Port of Nagoya ransomware attack from the LockBit group on their dark-web site.

    It was unclear if the Port of Nagoya received a ransom demand. CNN was unable to reach a spokesperson for the port association.

    Japanese critical infrastructure operators should drill for cyberattacks on their supply chains and have a response plan in place, given threats from both cybercriminals and state-backed hackers, Matsubara told CNN.

    Though this may be a first for Japan, ransomware and related hacks have hit ports in other countries.

    In 2017, malicious software allegedly unleashed by the Russian military on Ukraine spread around the world and disrupted operations at shipping giant Maersk, costing the company an estimated $300 million.

    — CNN’s Mayumi Maruyama contributed to this report

  • China-based hackers breached US government email accounts, Microsoft and White House say | CNN Politics

    CNN —

    China-based hackers have breached email accounts at two dozen organizations, including some United States government agencies, in an apparent spying campaign aimed at acquiring sensitive information, according to statements from Microsoft and the White House late Tuesday.

    The full scope of the hack is being investigated, but US officials and Microsoft have been quietly scrambling in recent weeks to assess the impact of the hack, which targeted unclassified email systems, and contain the fallout.

    The federal agency where the Chinese hackers were first detected was the State Department, a person familiar with the matter told CNN. The State Department then reported the suspicious activity to Microsoft, the person said.

    The Department of Commerce, which has sanctioned Chinese telecom firms, was also breached. The hackers accessed Commerce Secretary Gina Raimondo’s email account, one source familiar with the investigation told CNN. The Washington Post first reported on the access of the secretary’s account.

    The Chinese hackers were detected targeting a small number of federal agencies and just a handful of officials’ email accounts at each agency in a hack aimed at specific officials, multiple sources familiar with the investigation told CNN.

    “Microsoft notified the (Commerce) Department of a compromise to Microsoft’s Office 365 system, and the Department took immediate action to respond,” a department spokesperson said in a statement on Wednesday.

    The spokesperson did not immediately reply to a request for comment on the targeting of Raimondo’s email account.

    The hackers targeted email accounts at the House of Representatives, but it was unclear who was targeted and if the breach attempts were successful, two sources familiar with the matter told CNN.

    The breaches add to what is already one of the steepest cybersecurity challenges facing the Biden administration: limiting the ability of Beijing’s formidable hacking teams to access US government and corporate secrets.

    “Last month, US government safeguards identified an intrusion in Microsoft’s cloud security, which affected unclassified systems,” National Security Council spokesperson Adam Hodge said in a statement to CNN.

    “Officials immediately contacted Microsoft to find the source and vulnerability in their cloud service,” Hodge said. “We continue to hold the procurement providers of the US Government to a high security threshold.”

    The State Department “detected anomalous activity, took immediate steps to secure our systems, and will continue to closely monitor and quickly respond to any further activity,” a department spokesperson said on Wednesday.

    US Capitol Police declined to comment, referring CNN to the FBI.

    Hodge did not identify who was behind the hack, but Microsoft executives said in a blog post that the hackers were based in China and focused on espionage.

    In response to the Microsoft and White House statements, the Chinese foreign ministry on Wednesday accused Washington of conducting its own hacking operations.

    US officials have consistently labeled China as the most advanced of US adversaries in cyberspace, a domain that has repeatedly been a source of bilateral tension in recent years. The FBI has said Beijing has a larger hacking program than all other governments combined.

    China has routinely denied the allegations.

    The hacking began in mid-May, when the China-based hackers used a stolen sign-in key to burrow their way into email accounts, according to Microsoft. The tech giant has since blocked the hackers from accessing customer emails using that technique, Microsoft said late Tuesday.

    Secretary of State Antony Blinken visited China in mid-June, but it was not immediately clear if the cyber-espionage campaign was connected to that high-stakes visit.

    Some US officials credited the State Department with investing in more cyber-defense capabilities, allowing the agency to detect the suspicious activity earlier than in past advanced hacks.

    The number of US organizations, public or private, impacted by the hacking campaign is in the “single digits,” a senior US Cybersecurity and Infrastructure Security Agency official told reporters on Wednesday.

    “This appears to have been a very targeted, surgical campaign,” the official said.

    This story has been updated with additional information.