Categories: SecurityWorkspace

US Issues Warning Over ‘Far-Reaching’ Microsoft Email Hack

The US presidential administration has said it is “concerned” over the potentially large number of organisations affected by four zero-day flaws in Microsoft Exchange that emerged last week.

“This is a significant vulnerability that could have far-reaching impacts,” White House press secretary Jen Psaki told journalists. “We’re concerned that there’re a large number of victims.”

The administration’s comments are the latest indication of the significance of the Exchange bugs, for which Microsoft issued emergency patches last Tuesday.

Microsoft said a Chinese state-backed hacking group called Hafnium was behind the hacks, which began in early January.

State-sponsored hack

The incident follows last year’s hack of SolarWinds’ widely used Orion IT monitoring tool.

The SolarWinds hack was also blamed on a state-backed group, Russia in this case, and also continued for several months before being detected. Microsoft said the two campaigns are unrelated.

The company said Hafnium used the flaws to gain access to Exchange servers undetected in order to steal information from infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental groups.

Dell Technologies’ Secureworks said last week the hackers began carrying out many more hacks on Sunday 28 February, possibly a sign they knew their activities were about to be discovered.

The attackers operated from leased virtual private servers in the US, researchers said.

Volexity, a security firm that reported the attacks to Microsoft, said the attacks had shifted from data theft to efforts to gain further access to organisations’ systems.

Additional exploits

“While the attackers appear to have initially flown largely under the radar by simply stealing emails, they recently pivoted to launching exploits to gain a foothold,” Volexity researchers Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, and Thomas Lancaster said in an advisory.

“From Volexity’s perspective, this exploitation appears to involve multiple operators using a wide variety of tools and methods for dumping credentials, moving laterally, and further backdooring systems.”

Security firm Mandiant said it had detected hacks using the flaws amongst a number of its clients, including US-based retailers, local governments, a university and an engineering firm.

It said related activity appeared to have also affected a Southeast Asian government and a Central Asian telecommunications company.

While Microsoft has patched the issues, organisations who don’t apply the fixes immediately may still risk exposure to attacks, industry watchers said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

BT Eagle-i Seeks To Predict, Prevent Cyberattacks

Proactive security approach. New security platform from BT Security, dubbed 'Eagle-i', seeks to predict and…

2 days ago

Apple Risks South Korean Clash After Investigation Warning

South Korean government official warns of possible investigation into Apple's compliance with new App Store…

2 days ago

Moscow Metro Facial Recognition System For Speedy Payments

Privacy concern. Moscow's Metro system has launched 'Face Pay', a mass facial recognition system for…

2 days ago

US Army Delays $22 Billion Microsoft Augmented Reality Headsets

United States Army pushes back deployment date of Microsoft's augmented reality headsets, but insists it…

3 days ago

TSMC Confirms Chip Plant For Japan

Taiwanese chip giant TSMC confirms it will build a chip factory in Japan, that will…

3 days ago

GitLab Raises $800m In Successful Initial Public Offering

After a successful public debut that raised hundreds of millions of dollars, coding platform GitLab…

3 days ago