Microsoft issued an emergency patch on Tuesday (2) after being hacked by the Chinese Communist Party. But the hackers used the installed backdoor to continue the attack, which has affected more than 20,000 U.S. organizations.
A person familiar with the U.S. government’s response said Friday that more than 20,000 U.S. agencies have been affected by hackers’ continued access to compromised accounts, using a backdoor installed through a vulnerability in Microsoft Exchange Server, the service used to handle companies’ email, calendaring, planning, contacts and collaboration, Reuters reported on 6 June.
The White House said hackers exploiting the recently disclosed vulnerabilities in Microsoft Exchange software are an ongoing problem. White House press secretary Jen Psaki told reporters Friday that the vulnerabilities pose an “active threat” that could have far-reaching effects, and “we’re concerned about the large number of victims.”
The latest hack has left remote access channels into credit unions, town governments and small businesses, according to U.S. investigative records. Tens of thousands of institutions in Asia and Europe have also been affected.
Both Microsoft and those working with the U.S. government believe the initial attack came from hackers backed by the Chinese Communist government. Additional attacks by other hackers are expected as the code used to take control of the e-mail server spreads.
Currently, hackers are using backdoors to re-enter and operate on infected networks in very few cases, perhaps less than 1 in 10, but hundreds of guys are exploiting them as fast as they can, stealing data and installing other backdoors to ensure they can break in again, people working with the government said.
Microsoft initially said the hacks included “limited and targeted attacks.” But on Friday, Microsoft declined to comment on the scale of the hack, saying only that it was working with government agencies and security companies to help customers.
Microsoft added, “Affected customers should contact our support team for additional help and resources.”
A scan of connected devices showed that only 10 percent of those vulnerable had installed the patch as of Friday, though that number is rising.
Since installing patched software doesn’t get rid of backdoors, U.S. officials are trying to figure out how to notify all victims and guide them as soon as possible.
At the end of last year, hackers attacked the U.S. software company SolarWinds, and major U.S. government departments and about 18,000 public and private organizations around the world were victims. The hack had a much wider impact.
The federal Cybersecurity and Infrastructure Security Agency did not respond to Reuters’ request for comment.