More than 30,000 U.S. organizations' email systems reportedly have been compromised by a Chinese hacking group, through a recently patched flaw in Microsoft’s Exchange Server software.
What Happened: On Tuesday, Microsoft Corporation MSFT announced that its Exchange email product had been hacked and that the attack came from China. In a blog post, Microsoft's corporate vice president of customer security and trust, Tom Burt, said the company had identified a "state-sponsored threat actor" operating from China that it referred to as "Hafnium."
According to a report yesterday by KrebsOnSecurity, at least 30,000 organizations across the U.S. have been affected due to flaws in the Exchange Server software. Reuters also has reported on the scope of the attack, citing a person familiar with the U.S. government’s response, and pegs the number at more than 20,000 organizations.
See also: How To Buy Microsoft Stock
The White House has come out to warn about the attack. Press secretary Jen Psaki told reporters on Friday, “This is a significant vulnerability that could have far-reaching impacts. First and foremost, this is an active threat.”
On Thursday, National Security Advisor Jake Sullivan in a tweet urged the companies to update their software.
Similarly, the Cybersecurity & Infrastructure Security Agency has issued directives ordering all federal civilian departments and agencies to update the software running on Microsoft Exchange servers.
Related story: At Least 200 Organizations Were Actively Intruded On In SolarWinds Hack: Bloomberg
Why It Matters: Cybersecurity experts talking to KrebsOnSecurity say that detection and cleanup will be a massive effort for the thousands of state and city governments and other organizations that were affected.
According to the report, it allowed hackers to gain access to email accounts and also gave them the ability to install malware that might let them back into those servers at a later time.
KrebsOnSecurity reported that the attack has been ongoing since January 6. Steven Adair, president of cybersecurity firm Volexity, which discovered the attack, told the firm, “We’ve worked on dozens of cases so far where web shells were put on the victim system back on February 28 [before Microsoft announced its patches], all the way up to today. If you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”
In a statement to KrebsOnSecurity, Microsoft said, "We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources."
Price Action: Microsoft shares ended the week down 1.67% at $231.60.
Photo by Markus Spiske from Pexels.
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Comments
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.