How many companies, government institutions, cities or NGOs fell victim to the Chinese hacker group who successfully exploited flaws in Microsoft Exchange business email software?
There are already at least 30,000, according to Brian Krebs, a cybersecurity journalist and researcher.
It will certainly take some time to grasp the full extent of the attack, if that is possible at all.
Among them, many small businesses, towns and local governments have reportedly been attacked in recent days, according to Brian Krebs.
In a blog post published in early March, Microsoft explained that it had discovered that its professional Exchange messaging software had been the target of a group of "highly qualified and sophisticated" hackers called Hafnium.
Following a procedure detailed by Microsoft experts, these hackers succeeded in exploiting vulnerabilities in Microsoft Exchange to steal the contents of their victims' mailboxes.
“The spy group exploits four new flaws in Exchange software and has planted tools in hundreds of thousands of organizations around the world, which give attackers full remote control over infected systems,” adds Brian Krebs.
According to Microsoft, Hafnium is based in China but operates through virtual private servers leased in the United States.
"Active threat"
As soon as it discovered these flaws, Microsoft released a patch for the four detected vulnerabilities and urged its customers to update the software.
But the White House, whose agencies are also Microsoft messaging clients, warned of an "active threat" from hackers who could exploit the loopholes.
"This is a threat that can have far-reaching consequences," said Jen Psaki, spokesperson for the White House.
"We are concerned about the potentially large number of victims and we are working with our partners to measure the scale."
The US government urges the private and public sectors to properly update the software and monitor their information systems so that they are no longer exposed to the vulnerabilities discovered.
SolarWinds
Since the massive SolarWinds cyberattack discovered last December, Microsoft products have been under close scrutiny.
The company had revealed that, as a knock-on effect of the initial attack against the software platform of the vendor SolarWinds, hackers had gained access to part of its source code by compromising an employee's account.
According to Microsoft, the Hafnium attacks are not, however, linked to those resulting from the SolarWinds affair.
According to cybersecurity researchers, the attack by the Chinese hacker group could be uncovered thanks to research carried out after the SolarWinds affair.
"This is the downside of such a large-scale cyber attack carried out by someone else, it increases the chances that yours will be discovered," summarizes James Lewis, a cybersecurity expert at the Center for International and Strategic Research (CSIS), in the Financial Times daily.