San Francisco: In a big cyber attack, China-based threat actors hacked at least 30,000 organisations across the US, including government and commercial firms, by using Microsoft’s Exchange Server software to enter their networks. The espionage group is known to have exploited four vulnerabilities in Microsoft Exchange Server email software, which provided them access to email accounts, and also gave them the ability to install malware. Also Read - Cyber Security: 45% of Indian Online Users Hit by Local Threats in 2020
Microsoft has reported the threat but did not reveal the scale at which tens of thousands of organisations have been hit.
“The Chinese hacking group seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide,” two cybersecurity experts who have briefed US national security advisors on the attack told KrebsOnSecurity. Notably, Exchange Server is primarily used by business customers.
Microsoft is currently trying to fix the vulnerabilities and has also released several security updates, advising its customers to install those immediately.
Earlier this week, Microsoft warned its customers against a new sophisticated nation-state cyber-attack that has its origin in China and is primarily targeting on-premises ‘Exchange Server’ software of the tech giant.
Called “Hafnium,” it operates from China and is attacking infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs in the US for the purpose of exfiltrating information. “While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the US,” said Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft.
This was the eighth time in the past 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions critical to civil society.