Sat 06 March 2021:
More than 20,000 US organisations have been compromised through a back door installed via recently patched flaws in Microsoft Corp’s email software, a person familiar with the US government’s response says.
According to media reports, the hack has affected more than the download from SolarWinds Corp, which witnessed a massive hack in December 2020. Reuters cited a person familiar with the US government’s response on Friday as saying that the organisations suffered after a back door was installed, capitalising on pre-existing flaws in the software.
Earlier on Friday (US time), White House press secretary Jen Psaki told reporters the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant” and “could have far-reaching impacts”.
In addition, the hack has affected thousands of organisations across Asia and Europe. Even then, despite emergency patches, the hacks continue to plague the company. Initially, Microsoft claimed that the hacks consisted of “limited and targeted attacks”, but did not comment on the intensity of the issue.
It added, “impacted customers should contact our support teams for additional help and resources.” A scan of the connected devices showed that only 10 per cent of the vulnerable had installed the patches by Friday.
On Tuesday, the company claimed that the hacking group infiltrated the email inboxes. Microsoft claimed in a blog post that hackers took advantage of vulnerabilities that were previously unknown. Reportedly, four vulnerabilities were found in Microsoft’s email software. The group which hacked the company is being referred to as HAFNIUM, which Microsoft claims is linked to China.
In another post, Volexity – a cybersecurity firm – claimed that it observed hackers using one of the four software loopholes to steal “full contents of several user mailboxes”. The hackers only required details of an exchange server, and information about the account they intended to hack.
Over the years, many countries including the United States have accused China of overseeing cyber espionage activities, something Chinese authorities continue to deny. Even before Microsoft officially acknowledged the hack, the activities of hackers had begun to garner attention from analysts in the cybersecurity community.
Mike McLellan, the director of intelligence for Dell Technologies Inc’s Secureworks, was cited by Reuters as saying that they witnessed a spike in activity on Exchange servers over Sunday. Even at that firm, 10 customers have been affected. According to McLellan, hacking activity had gone up with focus on seeding malicious software, which could also highlight potential intrusions that could infect Microsoft’s networks.
According to Microsoft, the targets of the Chinese hackers included researchers for infectious diseases, education institutions, defence contractors, policy think tanks, and NGOs.
FOLLOW INDEPENDENT PRESS:
TWITTER (CLICK HERE)
https://twitter.com/IpIndependent
FACEBOOK (CLICK HERE)
https://web.facebook.com/ipindependent
Think your friends would be interested? Share this story!