Security company: at least 10 hacker groups exploit Microsoft vulnerabilities

At least 10 different hacker groups have exploited a recently discovered vulnerability in Microsoft’s email server software, with victims around the world, cybersecurity firm ESET said today.

Reuters reports that the extent of the hacking has reinforced the urgency of the warnings issued by U.S. and European authorities about the Microsoft email vulnerability.

The vulnerability opens the door to industrial-scale cyber espionage, allowing hackers to steal email from vulnerable servers or move around the network almost at will.

Reuters reported last week that as many as tens of thousands of organizations have been threatened, with news of the latest victims being released daily.

For example, the Norwegian parliament announced earlier today that part of its data had been “intercepted” as a result of the breach. Germany’s cybersecurity watchdog also said today that two federal authorities had been hacked in connection with the attack, but declined to release the names of the specific agencies.

Although Microsoft has released a patch, the slow pace of updates for many customers means that a large portion of users are still at risk of being hacked from around the world, and the fix will not remove any backdoor channels that have already been left on the machines.

In addition, the backdoor channels on some of the infected machines use easy-to-guess passwords, so new intruders can easily take over.

Microsoft declined to comment on the speed of updates for customers. In its earlier announcement of the vulnerability, the company stressed that “it is critical to patch all affected systems immediately.”

While hackers appear to be focusing on cyber espionage, experts are concerned that cybercriminals intent on extorting ransoms could use the vulnerability to commit crimes, which could result in widespread victimization.

The ESET blog post mentions that there have been signs of hackers using the vulnerability for cybercrime: one group that specializes in stealing computer resources for cryptocurrency mining has been hacking previously vulnerable Exchange servers to spread its malware.

Nine other groups, mainly focused on espionage, used the vulnerability to compromise targeted networks, ESET noted. Some researchers believe the activity is linked to China, which Microsoft has blamed for the hack, but the Chinese government denies any role in it.

But several of the groups appear to have known of the vulnerability before Microsoft announced it on March 2.

Ben Read, director of the security firm FireEye Inc, said he could not confirm the specific details of the ESET blog post, but his company also saw “multiple groups that may be related to China” exploiting the Microsoft vulnerability in various bulk operations.

ESET researcher Matthieu Faou pointed out that it is “very rare” that so many cyber espionage groups have access to the same information before the news is made public. He speculated that there may have been some form of leak before Microsoft announced it, or that the vulnerability was discovered by a third party who provided the information to cyber spies.

According to Taiwanese information security company DEVCORE, it notified Microsoft of two new vulnerabilities as early as January 5. Those two vulnerabilities, and other vulnerabilities, began to be exploited by hackers shortly before and after that friendly notification.