Tens of thousands of businesses, cities and local institutions in the United States have been attacked by a group of state-backed hackers, according to a cybersecurity specialist who gave details on Friday (March 5) about the Microsoft email hack.
“At least 30,000 organizations (…) have been hacked in recent days by an unusually aggressive Chinese cyber espionage unit, which focuses on email theft, according to multiple sources,” Brian Krebs wrote on his KrebsOnSecurity blog.
Microsoft warned on Tuesday that hackers in a group dubbed “Hafnium” had exploited security holes in its Exchange messaging services to steal the data of its business users. This “highly qualified and sophisticated actor”, according to the computer giant, has in the past already targeted companies in the United States, in particular in the field of research on infectious diseases, as well as law firms, universities, defense companies, think tanks and NGOs.
“The spy group exploits four new flaws in Exchange software and has planted tools among hundreds of thousands of organizations around the world, which give attackers full remote control over infected systems,” Brian Krebs wrote.
“The threat is active,” said Jen Psaki, spokeswoman for the White House, during a press briefing on Friday. The attack “could have a very broad impact”, she added, before calling on the communities “who use these servers to act now to protect themselves”.
No connection to the SolarWinds hack
Microsoft chief Tom Burt on Tuesday said his company had released updates to fix the flaws, and urged customers to apply them. “We know that many state actors and criminal groups will act quickly to take advantage of any unpatched system,” he warned. “Applying patches quickly is the best protection against this attack.” According to Microsoft, Hafnium is based in China but operates through virtual private servers leased in the United States.
Beijing last year accused Washington of defamation over allegations that Chinese hackers were trying to steal research on the coronavirus.
In January, the American authorities designated Russia as the main suspect in the massive hack of the company SolarWinds, thus contradicting former president Donald Trump, who had accused China of being behind this intrusion into software used by the US government and thousands of private companies. Microsoft said on Tuesday that the Hafnium attacks “were in no way related to the separate attacks related to SolarWinds”.