Thousands of Microsoft customers may fall victim to China-related hack

United States businesses and government agencies using Microsoft's email service have been compromised in an aggressive hacking campaign sponsored by the Chinese government.

The number of victims is estimated to be in the thousands, and some security experts believe the investigation of the breach is ongoing. Hackers were quietly attacking several targets as early as January, according to the cybersecurity firm that discovered the hack, but their efforts escalated in recent weeks as Microsoft moved to fix the vulnerabilities exploited in the attack.

The US government's cybersecurity agency released an emergency alert on Wednesday amid concerns that the hacking campaign had affected a large number of targets. The warning urged federal agencies to patch their systems immediately. On Friday, cybersecurity reporter Brian Krebs reported that the attack had affected at least 30,000 Microsoft customers.

“We are concerned that there are a significant number of victims,” White House press secretary Jen Psaki said during a press briefing on Friday. “The attack can have far-reaching effects,” she said.

Federal officials were struggling to understand how the latest hack compared with last year's incursions by Russian hackers into a variety of federal agencies and corporate systems, known as the SolarWinds attack. In that incident, Russian hackers placed code in an update to SolarWinds network management software. While around 18,000 of the company's customers downloaded the code, so far there is evidence only that Russian hackers stole content from nine government agencies and about 100 companies.

The hack, which Microsoft has attributed to China, is estimated to have affected 30,000 or so customers whose Exchange mail and calendar servers, made by Microsoft, were exploited by the hackers. Those systems are used by a wide range of customers, from small businesses to local and state governments and some military contractors. The hackers were able to install malware to steal email and keep monitoring their targets, Microsoft said in a blog post, but the company said it did not yet know how widespread the theft was.

The Chinese embassy in Washington did not immediately respond to a request for comment.

The campaign was unearthed in January, said Steven Adair, founder of Volexity. Hackers were quietly stealing emails from multiple targets, exploiting a bug that allowed them to access the email server without a password.

“This is what we really believe to be stealth,” Mr. Adair said; the discovery set off a frantic investigation. “This led us to start tearing everything apart.” Volexity reported its findings to Microsoft and the US government, he said.

But in late February, the attack escalated. The hackers began to weave together several vulnerabilities and attacked a wider group of victims. “We knew that what we had reported and seen used very stealthily was now being combined and chained with another exploit,” Mr. Adair said. “It just kept getting worse and worse.”

The hackers targeted as many victims as they could find on the Internet, including small businesses, local governments and large credit unions, according to a cybersecurity researcher who has studied the US investigation into the hack and was not authorized to speak publicly. The flaws used by the hackers, known as zero days, were previously unknown to Microsoft.

“We are closely tracking Microsoft’s emergency patch,” Jake Sullivan, the White House national security adviser, said, referring to reports of possible compromises of Exchange Server at US think tanks and Defense Industrial Base entities.

“This is the real deal,” tweeted Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency. (Mr. Krebs is not related to the cybersecurity reporter who disclosed the number of victims.)

Mr. Krebs said that companies and organizations using Microsoft’s Exchange software should assume they were hacked sometime between February 26 and March 3, and should work quickly to install the patch Microsoft released last week.

Jeff Jones, a senior director at Microsoft, said in a statement, “We are working closely with CISA, other government agencies and security companies to ensure that we are providing the best possible guidance and mitigation for our customers.”

Microsoft said that the hacking group behind the attack, known as Hafnium, was “a state-sponsored group assessed to be out of China.”

Since the company exposed the attack, other hackers not associated with Hafnium have begun to exploit the vulnerabilities to target organizations that have not patched their systems. “Microsoft continues to see increased use of these vulnerabilities in attacks targeting unpatched systems by multiple malicious actors,” the company said.

Patching these systems is not a straightforward task. Email servers are difficult to maintain, even for security professionals, and many organizations lack the expertise to securely host their own. For years, Microsoft has been pushing these customers to move to the cloud, where Microsoft can manage security for them. Industry experts said the security incident could encourage customers to move to the cloud and become a financial boon for Microsoft.

Because of the wide scope of the attack, many Exchange users are likely compromised, Mr. Adair said. “Even for those who patched as fast as humanly possible, there is a very high probability that they were already compromised.”

Nicole Perlroth contributed reporting.
