According to a computer security specialist, at least 30,000 US organizations, including local governments, have been hacked by an “unusually aggressive” Chinese cyber espionage campaign in the past few days.
The campaign has exploited recently discovered bugs in Microsoft Exchange software, stolen emails and infected computer servers with tools that allow attackers to take control remotely, Brian Krebs said in a post on his cybersecurity news website.
“This is an active threat,” White House spokeswoman Jennifer Psaki said when asked about the situation during a press conference Friday.
“Everyone who runs these servers must act now to patch them. We are concerned that there are a large number of victims, ”she added.
After Microsoft released patches for the vulnerabilities on Tuesday, attacks on servers that had not yet been updated with security fixes “increased dramatically,” said Krebs, who cited unnamed sources familiar with the situation.
“At least 30,000 organizations in the US – including a significant number of small businesses, cities and towns – have been hacked in the past few days by an unusually aggressive Chinese cyber espionage unit focused on stealing email from victim organizations. Krebs wrote in the post.
He reported that insiders said hackers “took control” of thousands of computer systems around the world using password-protected software tools built into systems.
‘Hafnium’
Microsoft announced earlier this week that a government-sponsored hacking group operating out of China is exploiting previously unknown vulnerabilities in their Exchange email services to steal data from business users.
The company said the hacking group it called “Hafnium” is a “highly skilled and sophisticated actor.”
Hafnium has historically targeted U.S. companies including infectious disease researchers, law firms, universities, defense companies, think tanks, and NGOs.
In a blog post on Tuesday, Microsoft executive Tom Burt said the company had released updates to address the security vulnerabilities that apply to local versions of the software rather than cloud-based versions, and urged customers to apply them.
“We know that many nation-state actors and criminal groups will act quickly to take advantage of unpatched systems,” he added at the time.
Microsoft said the group is based in China but operates through leased virtual private servers in the US and has informed the US government.
Beijing previously hit back on US allegations of government sponsored cyber theft. Last year it accused Washington of smearing after alleging Chinese hackers were trying to steal coronavirus research.
In January, U.S. intelligence and law enforcement agencies said Russia was likely behind the massive SolarWinds hack that rocked government and corporate security, and disagreed with then-President Donald Trump, who had suggested that China was to blame.
Microsoft said Tuesday the hafnium attacks were “in no way tied to the separate SolarWinds-related attacks.”
Further attacks from other hackers are reportedly expected.
The hackers only used the backdoors to re-enter and move around the infected networks in a small percentage of the cases, probably less than one in ten, said the person working with the government.
“A few hundred people are using them as fast as they can,” he stole data and installed other ways to come back later, he said.
The first avenue of attack was discovered by the well-known Taiwanese cyber researcher Cheng-Da Tsai, who reported the bug to Microsoft in January. In a blog post, he said he was investigating whether the information was leaked.
He did not respond to requests for further comment.
Comments are closed.