Four vulnerabilities detected in Microsoft's Exchange Server have led a Chinese hacker group to steal e-mail data of at least 60,000 users across the globe.
According to KrebsOnSecurity, a significant number of state and local governments, small businesses, towns, and fire and police departments have been attacked by ‘aggressive’ Chinese cyber espionage.
Speaking to Bloomberg, a former senior US official with knowledge of the investigation said that the attack “has so far claimed at least 60,000 known victims globally”.
US tech giant Microsoft has said that a Chinese group dubbed ‘Hafnium’ is seeking to steal information from several US-based organisations, including “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs”.
Intensity of the Attack
On 6 January 2021, the Chinese group ‘Hafnium’ exploited vulnerabilities in Microsoft’s Exchange Server, compromising ‘no fewer than tens of thousands of e-mail servers’.
These vulnerabilities were not known to Microsoft until the hackers breached the Outlook email servers. The intrusions were first spotted by data security firm Volexity, and Microsoft accordingly released a security patch on 2 March 2021.
However, a security researcher who spoke to WIRED on condition of anonymity said that the data of at least 30,000 users in the US alone, and hundreds of thousands worldwide, has been compromised.
A former national security official told WIRED that the data theft is massive. “It's massive. Absolutely massive. We're talking thousands of servers compromised per hour, globally.”
White House Warns of ‘Active Threat’
White House Press Secretary Jen Psaki has warned that anyone running Microsoft Exchange servers should immediately apply the latest security patch. “This is an active threat and everyone running these servers – government, private sector, academia needs to act now to patch them,” Psaki said.
“Network owners also need to consider whether they have already been compromised and should immediately take appropriate steps,” she added.
‘No Way Connected to SolarWinds Attack’
Microsoft has made it clear that these attacks are in “no way connected to SolarWinds attacks” that compromised US federal government agencies and companies last year.
In 2020, Russian hackers broke into Texas-based SolarWinds’ system and planted malicious code in the organisation’s software system called ‘Orion’. This system is used widely by companies to manage IT resources.
“We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services,” the company said in a statement.