At least 10 different hacker groups are using a recently discovered flaw in Microsoft Corp’s mail server software to break into targets around the world, cybersecurity company ESET said in a blog post Wednesday. The breadth of the exploitation adds to the urgency of warnings issued by authorities in the United States and Europe about weaknesses found in Microsoft’s Exchange software.
Security holes in the widely used email and calendar solution leave the door open for cyber espionage on an industrial scale, allowing malicious actors to steal emails virtually at will from vulnerable servers. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being made public daily.
Earlier on Wednesday, for example, Norway’s parliament announced that data had been “mined” in a breach related to Microsoft’s flaws. Germany’s cybersecurity watchdog also said Wednesday that two federal authorities had been affected by the attack, although it declined to identify them. While Microsoft has issued fixes, the slow pace of updates from many customers, which experts attribute in part to the complexity of Exchange’s architecture, means that the field remains at least partially open to hackers of all kinds. Microsoft declined to comment on the pace of customers
In previous announcements related to the flaws, the company has emphasized the importance of “patching all affected systems immediately.” Although the hacking appears to be focused on cyber espionage, experts are concerned that cybercriminals seeking ransom could take advantage of the flaws because it could lead to widespread disruption.
The ESET blog post said there were already signs of cybercriminal exploitation, with a group that specializes in stealing computing resources to mine cryptocurrencies accessing previously vulnerable Exchange servers to spread its malicious software. of failures to break into specific networks, several of which other researchers have linked to China.
Microsoft has blamed the attack on China. The Chinese government denies any role. Interestingly, several of the groups appeared to be aware of the vulnerability before Microsoft announced it on March 2.
Ben Read, a director at cybersecurity company FireEye Inc, said he could not confirm the exact details in ESET’s post, but said his company had also seen “multiple groups from China likely” using Microsoft’s flaws in different waves.
ESET researcher Matthieu Faou said in an email that it was “very rare” for so many different cyber espionage groups to have access to the same information before it was made public. He speculated that the information was “somehow leaked” prior to Microsoft’s announcement or was found by a third party providing vulnerability information to cyber-spies.