Posts with «politics & government» label

White House blames China for Microsoft Exchange cyberattacks

The Biden administration isn't hesitating to blame China for a string of Microsoft Exchange cyberattacks. The White House has declared "with a high degree of confidence" that hackers linked to China's Ministry of State Security (MSS) were responsible for a digital espionage campaign using the Exchange vulnerabilities. Officials have confronted senior Chinese leadership with this and "broader" hostile online activity, the White House said.

The US further accused China of running an intelligence operation that relied on "contract hackers" who frequently launched attacks meant solely for profit, such as ransomware schemes and cryptojacking. The Chinese government's reported unwillingness to tackle these abuses is believed to hurt businesses, governments and infrastructure with "billions of dollars" in damage, the White House said.

Accordingly, the Justice Department has revealed indictments of four MSS-affiliated Chinese men for allegedly conducting an extended hacking campaign meant to steal intellectual property and trade secrets, including health research. The initiative, which ran between 2011 and 2018, reportedly saw Ding Xiaoyang, Cheng Qingmin, Zhu Yunmin and Wu Shurong compromise computers worldwide to grab information ranging from autonomous vehicle technology and chemical formulas through to research on Ebola, AIDS and other diseases.

Biden's administration has already taken multiple actions in response to attacks, including "proactive network defense actions" like deleting backdoors on compromised Exchange servers. It added private companies to its Unified Coordination Group to bolster its security incident response. CISA, the FBI and the NSA also released an advisory outlining China's strategy for compromising US and ally networks using the Exchange holes and other methods.

This comes on top of stricter security rules for pipeline companies as well as a pilot to tackle vulnerabilities in sectors like electricity and water supply.

China has historically denied involvement in attacks like these, and it's doubtful the country will have a change of heart after this. The White House effort is more of a warning — the US will not only pin attacks on China, but respond to them in kind.

California's upcoming open fiber network could make fast broadband more accessible

California might soon make it practical for small internet providers to deliver speedy broadband, not just well-heeled incumbents. Ars Technica reports that the state Assembly and Senate have unanimously passed legislation that will create a statewide open fiber network that promises truly fast internet access from smaller ISPs, particularly in rural or otherwise underserved areas.

The strategy will devote $3.25 billion to the construction of a "middle-mile" network that won't directly connect customers, but should make it much easier for ISPs to launch or upgrade their service. Another $2 billion will help those providers establish last-mile connections to users.

Governor Newsom has yet to sign the legislation into law, but that's considered a formality, since he made agreements on details with legislators.

The network met resistance from larger ISPs that lobbied to block the reach of the open fiber network. It might have a significant impact on internet access in the state, however. While state and federal governments have pushed for improved rural broadband coverage for years, the focus has usually been on merely offering service rather than upgrading quality. This could bring truly competitive speeds to underserved areas and ensure they can access the same services as people subscribed to major broadband companies.

Virginia will use a $700 million grant to roll out statewide broadband

Virginia will use $700 million in American Rescue Plan funding to expedite broadband buildouts in underserved communities throughout the state, Governor Ralph Northam announced on Friday. With the investment, Virginia says it’s on track to become one of the first states in the US to achieve universal broadband access.

An estimated 233,500 homes and businesses throughout the Commonwealth fall under what the Federal Communications Commission would consider an underserved location. They don’t have an internet connection that can achieve download speeds of 25Mbps. The state estimates the additional funding will allow it to connect those places to faster internet by the end of 2024, instead of 2028, as previously planned. What’s more, the “majority” of those connections will be completed within the next 18 months.

“It’s time to close the digital divide in our Commonwealth and treat internet service like the 21st-century necessity that it is — not just a luxury for some, but an essential utility for all,” Governor Northam said.

Across nine provisions, President Biden’s $1.9 trillion American Rescue Plan provides approximately $388 billion in funding for state and local governments to address the digital divide in their communities. Virginia is only one of the states across the country that plans to use that money to build faster internet infrastructure. In May, California Governor Gavin Newsom proposed a $7 billion investment in public broadband.

Iranian hackers used Facebook to target US military personnel

On Thursday, Facebook disclosed that a network of hackers with ties to Iran tried to use its platform to target US military personnel. At the center of the campaign was a group known as Tortoiseshell. Facebook says the collective went after individuals and companies in the defense and aerospace industries. Its primary targets were in the US, but they also sought out people in the UK and parts of Europe.

“This activity had the hallmarks of a well-resourced and persistent operation, while relying on relatively strong operational security measures to hide who’s behind it,” Facebook said. "Our platform was one of the elements of the much broader cross-platform cyber-espionage operation, and its activity on Facebook manifested primarily in social engineering and driving people off-platform (e.g. email, messaging and collaboration services and websites), rather than directly sharing of the malware itself."

What went down appears to be unprecedented for Tortoiseshell. In the past, the group has primarily targeted IT companies throughout the Middle East. The methods it employed were similar to those that China’s Evil Eye used to target the Uyghur community earlier in the year.

Facebook says the group created “sophisticated online personas” to contact its targets and build trust with them before trying to convince them to click on malicious links. They had accounts across multiple social media platforms to make their ruse appear more credible. The group built fake recruiting websites and even went so far as to spoof a legitimate US Department of Labor job search tool. Facebook believes at least some of the malware the group deployed was developed by Mahak Rayan Afraz, a company with ties to the Islamic Revolutionary Guard Corps.

Iran has been accused of a variety of malicious online activities over the past year. Most notably, Microsoft said last September it was one of the countries that tried to meddle in the 2020 US presidential election.

Cuba blocks access to Facebook and Telegram in response to protests

As protests continue in Cuba over the country’s handling of the coronavirus pandemic and the surrounding economic fallout, the Cuban government has moved to restrict access to social media and messaging platforms. According to NetBlocks, an organization that tracks internet access, Facebook, Instagram, WhatsApp and Telegram have all been at least partially blocked on the Caribbean island since Monday. As of Tuesday afternoon, it appears the restrictions are still in place, with Reuters reporting that people in Havana don’t have access to mobile data at the moment. We’ve reached out to Facebook and Telegram for confirmation on the outages, and we’ll update this article when we hear back from the companies.

Confirmed: Social media and messaging platforms restricted in #Cuba from Monday on state-run internet provider ETECSA; real-time network data corroborate reports of internet disruptions amid widening anti-government protests; incident ongoing 📵#CubaSOS

📰 https://t.co/7eGwPS1Mqf pic.twitter.com/kY3G1qMAse

— NetBlocks (@netblocks) July 12, 2021

Mobile internet access is relatively new to Cuba. It was only in late 2018 that the country’s socialist government started rolling service out across the island. At the time, President Miguel Diaz-Canel, the politician protestors are demanding resign, said greater internet access would help Cubans “defend their revolution.” However, Cuba's response to dissent is not new. We’ve seen governments in countries like Myanmar and Iran use similar strategies when they faced protests in the past.

Senate appoints former NSA official as head of US cybersecurity agency

A former NSA and White House official has been appointed to lead the Cybersecurity and Infrastructure Security Agency (CISA) at a time when ransomware and other kinds of cyberattacks are on the rise. The Senate has named Jen Easterly as the second person to head up the DHS agency, according to Politico. CISA provides cybersecurity tools and incident response services to government networks, and it also offers security advice to infrastructure operators and businesses. 

Politico previously reported that CISA has been struggling to handle one cybercrisis after another and that the agency is understaffed and overworked. It had to face multiple intrusions in the middle of the pandemic as bad actors attacked the healthcare industry with ransomware, forcing them to pay up to prevent delays that could cost lives. CISA also had to respond to the massive SolarWinds hack that the government is blaming on Russia, as well as the ransomware attacks on Colonial Pipeline, software giant Kaseya and meat supplier JBS.

Easterly doesn't only have to lead response efforts to ongoing cyberattacks; it now also falls upon her shoulders to make sure CISA gains the ability to counter new threats as they come up. Before being named as the new CISA head, Easterly spent years as the number 2 official in the NSA's counterterrorism division and was also the National Security Council's senior director for counterterrorism under former President Barack Obama.

Judge dismisses Amazon's legal challenge to JEDI after contract cancelation

After nearly two years, Amazon’s highly public legal feud with the US government over the Pentagon’s decision to award Microsoft a $10 billion cloud contract in 2019 is over. According to Reuters, a federal judge dismissed the challenge on Friday with no objection from the company. The dismissal follows Tuesday’s announcement that the Department of Defense had canceled JEDI, the program at the center of the legal battle, to pursue a new multi-vendor project that would see both Amazon and Microsoft awarded contracts.

"We understand and agree with the DoD’s decision,” an Amazon spokesperson told Engadget after the announcement. “Unfortunately, the contract award was not based on the merits of the proposals and instead was the result of outside influence that has no place in government procurement."

When Amazon first challenged the Defense Department’s handling of JEDI, it alleged the Pentagon had shown "unmistakable bias" in the evaluation process. The company accused former President Donald Trump of improperly pressuring the agency to award the contract to Microsoft due to his dislike of Jeff Bezos and The Washington Post. In 2020, the Pentagon’s inspector general released a report that said it had found no evidence that the Trump administration had interfered with the procurement process but noted at the same time that several White House officials had not cooperated with the probe.

Biden's wide-ranging executive order covers Big Tech, net neutrality and more

The movement to get the FCC to restore net neutrality just gained some serious traction. The White House just announced that President Joe Biden will be signing a new executive order today that will establish a "whole-of-government effort to promote competition in the American economy." In other words, it's targeting anticompetitive practices.

The order includes 72 proposals and actions, among which it specifically says "the President encourages the FCC to restore Net Neutrality rules undone by the prior administration." It also asked the agency to consider limiting early termination fees and prevent internet service providers from making deals with landlords that limit tenant choices. In addition, it urged the FCC to revive the Broadband Nutrition Label that was developed under the Obama administration that would offer greater price transparency.

The order also looked at how "dominant tech firms are undermining competition and reducing innovation," and announced an administration policy of greater scrutiny of mergers. It would focus on "dominant internet platforms," especially around "the acquisition of nascent competitors, serial mergers, the accumulation of data, competition by “free” products, and the effect on user privacy."


Trump says he's suing Twitter, Facebook and Google

As expected, former President Donald Trump announced on Wednesday he plans to file class action lawsuits against Facebook, Google and Twitter, as well as the CEOs of each respective company. Trump announced the legal bid at a press conference in Bedminster, New Jersey, promising the case would lead to an "end of the shadow banning, a stop to the silencing and the cancelling that you know so well." Trump and his lawyers, many of whom he said come from the tobacco industry, plan to file the cases in the Southern District of Florida. Trump alleges the tech giants violated his First Amendment rights.


Russian hackers breached a GOP contractor

A state-sponsored Russian hacking group infiltrated the computer systems of a Republican National Committee (RNC) contractor over the weekend. Bloomberg originally revealed that the RNC suffered a breach at the hands of prolific hackers APT29, aka Cozy Bear, who are believed to be behind a spate of high-profile cyberattacks on the US and its allies. 

However, GOP officials were quick to refute that report, interjecting that the actual victim was a third-party IT services provider known as Synnex. The hack was orchestrated amid the backdrop of a larger supply chain cyberattack and increasing hostilities between the US and Russia over cyber-espionage campaigns.

In a statement, chief of staff Richard Walters said the RNC learned of the attack over the weekend and "immediately blocked all access from Synnex accounts to our cloud environment." After conducting a review of its systems with Microsoft, Walters said no RNC data had been accessed. Spokesman Mike Reed also told Bloomberg that “there is no indication the RNC was hacked or any RNC information was stolen.” Officials are currently working with law enforcement on the matter, Walters added.

https://t.co/rRC8xiKGBC

— Danielle Alvarez (@Danielle_Alva) July 6, 2021

With the focus on its services, GOP contractor Synnex also addressed the incident. The company confirmed it was aware of "a few instances where outside actors have attempted to gain access" to its customers "through the Microsoft cloud environment." 

Cyberattacks are on the rise as criminal and government-backed hackers take advantage of the disruption to working patterns caused by the pandemic to extort and cause havoc. Just days ago, over 200 managed service providers were compromised after hackers breached the systems of management software giant Kaseya. Before that, leading US fuel supplier Colonial was forced to shut down one of its main pipelines after it suffered a ransomware attack.  

To protect government networks, President Biden signed an executive order in May aimed at bolstering cybersecurity through improved info sharing between agencies, increased scrutiny of third-party software and an education program for the public. In addition, Biden called for the establishment of a formal set of rules for responding to a breach that would be reviewed by the head of CISA. Biden's retaliation against Russia, meanwhile, has included sanctions on dozens of entities and officials.

The Russian government-backed group believed to have perpetrated the Synnex breach is among the most notorious in the world. APT29 was accused of breaching the Democratic National Committee in 2016 and of carrying out the wide-scale SolarWinds cyberattack last December, which impacted nine US government agencies. It was also accused of brazenly attempting to steal COVID-19 vaccines last July.