The global hacker attack on Microsoft's server software is more dangerous than expected.
German authorities are also “compromised”, warns the cybersecurity authority BSI.
Bonn - The extent of the cyber attack on Microsoft's e-mail programs is apparently considerably greater than initially feared.
In the global attack, German authorities were also targeted by the hackers.
According to the current status, a total of six federal authorities are affected by the security gap, warned the Federal Office for Information Security (BSI) on Tuesday.
"There was a possible compromise in four cases," said a security warning.
When asked by Merkur.de, the BSI did not want to say which institutions are involved.
However, support has been offered to the departments concerned and is already active in individual cases, it said.
Cyber attack: Many companies are already infected with malware
Last Friday, the BSI sounded the alarm due to critical weaknesses in the Microsoft Exchange servers 2013, 2016 and 2019 and declared the highest warning level since 2014.
"Organizations of all sizes" are affected, it said, referring to the findings of the IT service provider Shodan.
According to this, tens of thousands of Exchange servers in Germany alone can be "attacked via the Internet and are very likely already infected with malware".
In view of the dangers, the BSI urgently recommends that all Microsoft Exchange customers apply the patches provided by Microsoft immediately.
According to Microsoft, the Chinese hacker group Hafnium is behind the attack.
The US software giant was made aware of the security gaps by IT security researchers in January and developed a corresponding security update.
The attackers initially selected a few targets, but in February they switched to adding back doors to tens of thousands of e-mail servers on a large scale every day, said the head of the IT security company Volexity, Steven Adair.
Cyber attack: German companies particularly hard hit
According to experts, German companies are more severely affected than average by this Microsoft Exchange gap in an international comparison, because they operate Exchange in-house or rented data centers themselves.
The vulnerabilities did not exist in cloud versions of Microsoft's e-mail service.
Exchange is used by many companies, authorities and educational institutions as an e-mail and collaboration platform.
In the event of a successful attack via the vulnerabilities, it is possible to access data from the e-mail system.
The attackers were able to install their own control software on the servers.
Affected servers can then be checked remotely.
The BSI is responsible for protecting all government networks and the so-called critical infrastructure.
This includes, for example, the energy supply, stock exchanges or the health system.