Saturday, March 6th, 2021
Email as prey
Hacker attack on 30,000 US facilities
Microsoft has released some security updates that Exchange Server customers should apply immediately. The background to this is the large-scale attack by a Chinese hacker group on tens of thousands of companies, administrations and other institutions in the USA. The White House is concerned.
At least 30,000 US organizations have reportedly been affected by an “unusually aggressive” Chinese hacker attack. Cyber security expert Brian Krebs writes on his website that the attackers exploited a security gap in the Exchange email service operated by software company Microsoft, stole emails and infected computers with programs that would allow remote control.
White House spokeswoman Jennifer Psaki spoke of a “current threat”. “Everyone who uses these servers must act now,” said Psaki, who advised installing an available security update as soon as possible. “We fear that there will be a large number of victims.”
After Microsoft published the security update for Exchange on Tuesday, the number of attacks “increased dramatically,” wrote Krebs, citing anonymous sources. “At least 30,000 organizations in the United States, including a significant number of small businesses, city and regional governments, have been attacked in the past few days by an unusually aggressive Chinese cyber-espionage unit focused on email theft.”
The hacker group called “Hafnium” by Microsoft is, according to the company, a “very accomplished and highly developed player”. In the past, according to Microsoft, Hafnium had primarily targeted organizations and institutions in the United States. Those affected therefore included “research institutions for infectious diseases, law firms, universities, defense companies, political think tanks and non-governmental organizations”. The group is based in China, but operates mainly through rented virtual private servers in the USA. The US authorities have repeatedly accused the Chinese government of being behind hacking attacks in the US. Beijing regularly rejects this.