July 30, 2024 at 08:06AM
The U.K.’s Information Commissioner’s Office (ICO) announced that the Electoral Commission was breached in August 2021 due to unpatched Microsoft Exchange vulnerabilities. Around 40 million people’s personal information was compromised, leading to the ICO reprimanding the commission for inadequate security measures. The breach has been linked to state-backed hacking groups from China.
Key takeaways:
– The U.K.’s Information Commissioner’s Office (ICO) has revealed that the Electoral Commission was breached in August 2021 because it failed to patch its on-premises Microsoft Exchange Server against the ProxyShell vulnerabilities.
– Security flaws tracked as CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207 were exploited to hack into the Commission’s Exchange Server 2016 and deploy web shells, allowing attackers to gain persistence and install backdoors.
– Microsoft had released security updates in May 2021 to fix the ProxyShell vulnerabilities, but the commission failed to promptly patch its systems, leaving them vulnerable to attacks.
– The breach and deployed malware were discovered on October 28, 2021, when an employee found the Commission’s Exchange server being used to send spam emails.
– Personal information of approximately 40 million people, including names, addresses, email addresses, and phone numbers, was accessed during the breach.
– The ICO found that the Electoral Commission lacked appropriate security measures and sufficient password policies to protect the personal information it held.
– The ICO reprimanded the U.K. elections authority for failing to protect its systems and the personal information of millions of voters.
– The ICO said it has no reason to believe that any personal information was misused, and stated that the breach may not have caused direct harm to impacted voters.
– Shodan revealed that it was tracking tens of thousands of Exchange servers vulnerable to ProxyShell attacks after the U.K. Electoral Commission breach.
Additionally, the breach came after the U.K., the U.S., and their allies blamed China’s Ministry of State Security (MSS) for widespread attacks in March 2021.