Thousands of entities hit as hackers exploit Microsoft Exchange’s flaws
A cyber espionage group Hafnium attacked Microsoft’s widely used email and calendar server, Exchange, affecting more than 30,000 commercial and local government entities in the US.
The criminals orchestrated the attacks by taking advantage of four recently disclosed flaws in the Exchange platform, according to a report by KrebsOnSecurity.
They also attempted to remotely control the email servers of “hundreds of thousands” of other organisations worldwide.
Microsoft disclosed four vulnerabilities in its Exchange server in a blog published last week. These gaps let hackers gain access to email accounts and instal malicious codes to their servers.
The company accused Hafnium, which operates from China, of plotting to stage attacks against Exchange users.
Microsoft issued emergency patches and called on customers to instal them. The company said the attacks were limited only to business customers and did not affect individual users.
Lotem Finkelsteen, director of threat intelligence at an American-Israeli software company Check Point, said the Microsoft attack was “relevant to all businesses using Outlook, but not to individuals consumers ... it is a server issue that the cyber attackers exploited.”
Tom Burt, Microsoft’s corporate vice president for customer security and trust, said Exchange is primarily used by business customers and there is “no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products”.
Hafnium is a “highly skilled” and “sophisticated actor” that steals information from various sectors such as medical research, law, education and defence, as well as entities such as think tanks and NGOs.
“While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers in the US,” Microsoft said.
Microsoft’s UAE office referred The National to its blog and declined to comment further.
The US government is assessing the impact, a White House official said on Saturday.
“This is an active threat, still developing, and we urge network operators to take it very seriously,” said the official.
China’s foreign ministry said it “firmly opposes and combats cyber attacks and cyber theft in all forms”.
It said accusing a particular nation was a “highly sensitive political issue”.
White House press secretary Jen Psaki said the vulnerabilities found in Exchange servers were “significant” and “could have far-reaching” effects.
“We are concerned that there are a large number of victims,” she said.
The increase in cyber threats has led to an increase in cyber security spending, which is forecast to rise by about 125 per cent to $363.05 billion by 2025, compared with 2019 figures, according to research consultancy Mordor Intelligence.
Industry experts said the hackers could hit entities in other parts of the world.