At least 30,000 organizations across the US have been hacked over the last few days through flaws in Microsoft’s Exchange server email software, sources familiar with the matter told KrebsOnSecurity.
The “unusually aggressive Chinese cyber espionage unit” that Microsoft calls “Hafnium” is focusing on stealing emails from a range of victims, including companies, small businesses, and local governments, Krebs said.
The group exploited four flaws in Microsoft’s Exchange servers. The bugs gave attackers full remote control over the affected systems.
With each hacking incident, the group left behind a hacking tool called a “web shell” that is protected by an easy password and can be accessed from any internet browser, the cybersecurity blog said. This tool gave the hackers administrative access to the victims’ computer servers.
Microsoft released a security update this week to patch Exchange versions from 2013 to 2019. Microsoft recommended users immediately install updates to the Exchange product, which is primarily used by business customers. The company also said that it informed appropriate US government agencies about the breach.
Microsoft said the email system is used by organizations including companies, infectious disease researchers, defense contractors, law firms, NGOs, and universities.
The purported Chinese hacking group is responsible for seizing control over hundreds of thousands of Microsoft Exchange servers worldwide, two anonymous cybersecurity experts told KrebsOnSecurity.
Chinese Foreign Ministry spokesman Wang Wenbin responded to Microsoft’s accusations in a Wednesday press briefing, saying there was not enough evidence to draw a conclusion on the Exchange hack’s origins, according to Bloomberg.
This is the eighth time in the last 12 months that Microsoft has publicly reported state-sponsored hacks.
White House Press Secretary Jen Psaki said in a press briefing on Friday that the weaknesses found in Microsoft’s Exchange Servers were “significant.”
“We’re concerned that there are a large number of victims,” she added.
The Prague municipality and the Czech Ministry for Labor and Social Affairs were impacted by the Hafnium server breach, according to Reuters, which cited a European cyber official briefed on the issue.