Tens of thousands of businesses, cities and local institutions in the United States have been attacked by a group of Chinese state-backed hackers, according to a cybersecurity specialist who gave details on Friday (March 5) about a Microsoft email hack.
“At least 30,000 organizations (…) have been hacked in recent days by an unusually aggressive Chinese cyberespionage unit, which focuses on email theft, according to multiple sources,” Brian Krebs said on his blog KrebsOnSecurity.
Microsoft warned Tuesday that hackers in the so-called “Hafnium” group were exploiting security holes in its Exchange messaging services to steal data from business users. This “highly qualified and sophisticated actor,” according to the computer giant, has already targeted companies in the United States in the past, particularly in the field of research on infectious diseases, but also law firms, universities, defense companies, think tanks and NGOs.
“The spy group exploits four new flaws in Exchange software and has planted tools in hundreds of thousands of organizations around the world, which give attackers full remote control over infected systems,” detailed Brian Krebs.
“The threat is active,” said Jen Psaki, spokeswoman for the White House, during a press briefing on Friday. The attack “could have a very broad impact,” she added, before calling on the communities “who use these servers to act now to protect themselves.”
No connection to the SolarWinds hack
Microsoft chief Tom Burt said on Tuesday that his company had released updates to fix the flaws, and urged customers to apply them. “We know that many state actors and criminal groups will act quickly to take advantage of any unpatched system,” he warned. “Applying patches quickly is the best protection against this attack.” According to Microsoft, Hafnium is based in China but operates through virtual private servers leased in the United States.
Beijing last year accused Washington of defamation over allegations that Chinese hackers were trying to steal research into Covid-19.
In January, US authorities named Russia as the prime suspect in the massive hack of the company SolarWinds, contradicting former President Donald Trump, who accused China of being behind the intrusion into software used by the US government and thousands of private companies. Microsoft said on Tuesday that the Hafnium attacks “were in no way related to the separate attacks related to SolarWinds.”