The Limited Times


Microsoft Exchange Server: Global wave of attacks worries security experts

2021-03-06T09:22:52.553Z


Security experts are concerned: A group from China is said to have hacked tens, maybe even hundreds of thousands, of organizations around the world. This was made possible by gaps in popular Microsoft software.



Security experts are concerned: A group from China is said to have hacked tens of thousands of organizations

Photo: Ake Ngiamsanguan / Getty Images / iStockphoto

In the United States alone, tens of thousands of organizations have apparently been hacked by an "unusually aggressive Chinese cyber espionage unit."

The renowned IT security expert Brian Krebs writes, citing several anonymous sources, that the group exploited four recently discovered security holes in Microsoft's Exchange Server e-mail software.

The number of their attacks has recently risen sharply.

The gaps are said to have been used on the one hand to steal emails and on the other to infect computers with programs that allow them to be controlled remotely.

Exchange is used as an email platform by many companies, government agencies and educational institutions.

Jennifer Psaki, a White House spokeswoman, spoke of a "current threat" on Friday.

She advised those potentially affected to install a security update provided by Microsoft as soon as possible.

"We fear that there will be a large number of victims."

A former US security agency employee who is involved in the investigation into the attacks told Wired magazine: "We're talking about thousands of servers being compromised every hour, worldwide."

Germany is also affected

In fact, the problem seems to extend far beyond the USA, and there are extremely worried voices from Europe as well.

Here, too, many thousands of companies and authorities are in acute danger.

Arne Schönbohm, head of the Federal Office for Information Security (BSI), told "Zeit Online" that the situation was serious: "We have thousands of open systems in Germany that have not been secured and are still open to attackers." The BSI told the news site that there were "indications that individual federal authorities are also affected".

Given the large number of unprotected systems, one must also assume that companies belonging to so-called critical infrastructure have already fallen victim or could still become victims in the next few days, the spokeswoman said.

In a current "cyber security warning", the BSI writes that it has observed a "multitude of reports about compromised Exchange servers".

In view of the threat situation, the security updates provided by Microsoft should be installed as soon as possible.

For all systems "that were not updated immediately on Wednesday night," it should be checked whether a compromise has occurred.

A dangerous situation

Microsoft released its security update for Exchange Server on Tuesday American time.

It closes the four weaknesses in the software, but it does not remove backdoors that attackers were able to place on a system before the patch was installed.

The situation is therefore dangerous in several ways: On the one hand, some companies that have installed the update but not properly cleaned up their system could mistakenly believe themselves to be safe.

On the other hand, other cybercriminals who are not necessarily connected to China have become aware of the gaps through Microsoft's update.

They too could now try to attack unpatched systems.

Security expert Brian Krebs writes that after the Microsoft update appeared, the Chinese group itself drastically stepped up its attacks again.

According to Krebs, "at least 30,000 organizations in the United States, including a significant number of small businesses, city and regional governments," have been hacked.

China denies links to hacker attacks

The group of hackers allegedly responsible for the attacks was called "Hafnium" by Microsoft.

The company sees them as "a very accomplished and highly developed player".

According to Microsoft, Hafnium has primarily targeted organizations and institutions in the USA in the past.

Accordingly, initially "research institutions for infectious diseases, law firms, universities, defense companies, political think tanks and non-governmental organizations" were affected.

The group is believed to be based in China, but mainly operates via rented virtual private servers in the USA, according to Microsoft.

The US authorities have repeatedly accused the Chinese government of being behind hacking attacks in the US.

Beijing regularly rejects this.

Steven Adair, founder of the security company Volexity, who had noticed one of the Hafnium attacks in early January and informed Microsoft about it, told "Wired" that the Chinese hackers probably only actively targeted a small part of the hundreds of thousands of hacked servers worldwide.

But any organization that does not bother to remove a backdoor left by the attackers remains compromised: the hackers could re-enter the systems to steal data or wreak havoc.

According to Adair, this is a "ticking time bomb" that can be used against affected organizations at any time.


mbö / AFP / Reuters

Source: spiegel
