A lot more than 30,000 entities compromised through Microsoft’s Exchange flaws

08 March, 2021
Cyber-espionage group Hafnium has exploited Microsoft’s trusted email and calendar Exchange server, breaching a lot more than 30,000 commercial and municipal entities in the US.

Criminals took advantage of disclosed flaws in the Exchange platform, a report by KrebsOnSecurity said.

In addition, they tried to remotely manage the email servers of hundreds of thousands of other organisations globally, it said.

Microsoft disclosed several vulnerabilities in its Exchange server in a blog post last week.

The gaps allow hackers to gain access to email accounts and install malicious code on the servers.

The company accused Hafnium, which operates from China, of plotting attacks against Exchange users.

Microsoft issued emergency patches and called on customers to install them.

The company has said the attacks are limited to business customers and do not affect individual users.

Lotem Finkelsteen, director of threat intelligence at American-Israeli software company Check Point, said the Microsoft strike “is relevant to all or any businesses using Outlook but not to individual consumers … this is a server issue that the cyber attackers exploited”.

Tom Burt, Microsoft’s corporate vice president of customer reliability and trust, said Exchange was mainly used by business customers.

Mr Burt said there is "no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products".

Hafnium is a “highly skilled” and “sophisticated” group that steals information from various sectors, including medical scientists, law firms, education institutions, defence, think tanks and NGOs, Microsoft said.

“While Hafnium is based in China, it conducts its procedures primarily from leased virtual individual servers in the US,” it said.

Microsoft's UAE office referred The National to its blog post and declined to comment further.

The US government is assessing the impact, a White House official said on Saturday.

"This is a dynamic threat, still growing, and we urge network operators to take it extremely seriously," the official said.

China's Foreign Ministry stated it “firmly opposes and combats cyber episodes and cyber theft in all forms”.

It said that accusing a specific nation is a “highly sensitive political issue”.

Vulnerabilities within Exchange servers were “significant” and “could have far-reaching impacts”, said Jen Psaki, the White House press secretary.

“We are concerned there are a large number of victims,” Ms Psaki said.

Industry specialists said Exchange exploits were not limited to the US and could affect entities in other parts of the world.

The flaws are “quite extreme even if we don’t know the entire scope of these attacks”, Satnam Narang, staff research engineer at cyber-security company Tenable in Maryland, told The National.

“Even while Microsoft says that Hafnium mostly targets entities within the US, other researchers tell you they've seen these vulnerabilities being exploited by numerous threat actors targeting other regions,” Mr Narang said.

Cyber-security company FireEye has identified affected victims in the US, including retailers, local governments, a university and an engineering company.

A South-East Asian government and a central Asian telecoms provider were also hit.

“In addition to patching immediately, we recommend organisations analyse their systems for proof of exploitation that may have occurred ahead of the deployment of the patches,” said Charles Carmakal, senior vice president and chief technology officer of FireEye.

Microsoft has said the new wave of breaches is “by no means connected” to last year’s SolarWinds attacks by Russian hackers, which compromised 9 US federal agencies and almost 100 businesses.

“State-sponsored hacking groups are exploiting significant Exchange bugs that Microsoft already patched last week,” Avinash Advani, founder and chief executive of Dubai cyber-security company CyberKnight, told The National.

“The disclosure will attract other threat actors seeking to compromise unpatched servers.”
Source: www.thenationalnews.com