A vulnerability in the e-mail system of U.S. company Microsoft let hackers carry out data-theft attacks on tens of thousands of organizations. The hacking group, called Hafnium, is based in China and operates through virtual private servers rented in the United States, Microsoft said. The targets of the information theft include, in particular, companies in the field of infectious disease research, law firms, universities, defense companies, think tanks and non-governmental organizations.
A cybersecurity expert on Friday provided details of the hacking of Microsoft’s e-mail system, in which tens of thousands of U.S. businesses, cities and local institutions were attacked by a group of Chinese state-sponsored hackers, AFP San Francisco reported March 6.
The actual number could be much larger, according to the Wall Street Journal on March 7, citing people familiar with the matter. One of the people familiar with the matter said the number of affected users could exceed 250,000.
Brian Krebs, a cybersecurity expert, said on his blog (KrebsOnSecurity), “According to multiple sources, at least 30,000 organizations in recent days (…) were hacked by an unusually aggressive Chinese cyber espionage unit focused on stealing emails.”
Microsoft warned last Tuesday that hackers from the group known as “Hafnium” were exploiting a security flaw in Microsoft’s Exchange messaging service to steal data from its corporate users.
Microsoft said the “highly skilled and sophisticated player” has targeted U.S. companies in the past, particularly in the field of infectious disease research, as well as law firms, universities, defense companies, think tanks and nongovernmental organizations.
Krebs said, “Spy groups are exploiting four new vulnerabilities in Exchange software and have planted tools in hundreds of thousands of organizations around the world that allow attackers to take full remote control of infected systems.”
Microsoft director Tom Burt said last Tuesday that the company had released updates to fix the flaws and urged customers to implement them. He warned, “We know that hacking actors and criminal groups manipulated by many countries will move quickly to exploit any system that is not patched. And the quick use of fix updates is the best protection against such attacks.”
According to Microsoft, the hacking group Hafnium is based in China but operates through a virtual private server rented in the United States.
Last year, Beijing accused Washington of slander following allegations that Chinese hackers were trying to steal coronavirus research.
White House spokeswoman Jen Psaki said at a news conference on Friday that “the threat is active” and that the attack “could have far-reaching consequences.” She also called on the communities that use the servers to “act now to protect themselves.”
In January, U.S. authorities named Russia as a prime suspect in the massive hack against SolarWinds, contradicting former President Donald Trump, who has accused China of being behind the intrusion into the software of the U.S. government and thousands of private companies. Microsoft, for its part, said on Tuesday that “this Hafnium attack had nothing to do with the attack on SolarWinds.”