Categories: SecurityWorkspace

US Issues Warning Over ‘Far-Reaching’ Microsoft Email Hack

The US presidential administration has said it is “concerned” over the potentially large number of organisations affected by four zero-day flaws in Microsoft Exchange that emerged last week.

“This is a significant vulnerability that could have far-reaching impacts,” White House press secretary Jen Psaki told journalists. “We’re concerned that there’re a large number of victims.”

The administration’s comments are the latest indication of the significance of the Exchange bugs, for which Microsoft issued emergency patches last Tuesday.

Microsoft said a Chinese state-backed hacking group called Hafnium was behind the hacks, which began in early January.

State-sponsored hack

The incident follows last year’s hack of SolarWinds’ widely used Orion IT monitoring tool.

The SolarWinds hack was also blamed on a state-backed group, Russia in this case, and also continued for several months before being detected. Microsoft said the two campaigns are unrelated.

The company said Hafnium used the flaws to gain access to Exchange servers undetected in order to steal information from infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental groups.

Dell Technologies’ Secureworks said last week the hackers began carrying out many more hacks on Sunday 28 February, possibly a sign they knew their activities were about to be discovered.

The attackers operated from leased virtual private servers in the US, researchers said.

Volexity, a security firm that reported the attacks to Microsoft, said the attacks had shifted from data theft to efforts to gain further access to organisations’ systems.

Additional exploits

“While the attackers appear to have initially flown largely under the radar by simply stealing emails, they recently pivoted to launching exploits to gain a foothold,” Volexity researchers Josh Grunzweig, Matthew Meltzer, Sean Koessel, Steven Adair, and Thomas Lancaster said in an advisory.

“From Volexity’s perspective, this exploitation appears to involve multiple operators using a wide variety of tools and methods for dumping credentials, moving laterally, and further backdooring systems.”

Security firm Mandiant said it had detected hacks using the flaws amongst a number of its clients, including US-based retailers, local governments, a university and an engineering firm.

It said related activity appeared to have also affected a Southeast Asian government and a Central Asian telecommunications company.

While Microsoft has patched the issues, organisations who don’t apply the fixes immediately may still risk exposure to attacks, industry watchers said.

Matthew Broersma

Matt Broersma is a long standing tech freelance, who has worked for Ziff-Davis, ZDnet and other leading publications

Recent Posts

Microsoft Faces UK Probe Over Inflection Staff Hiring

Poaching staff? UK's CMA regulator confirms phase one investigation of Microsoft's “hiring” of former Inflection…

20 mins ago

Elon Musk To Relocate SpaceX, X HQ To Texas

Leaving California. Elon Musk protests new gender-identity law, says he will move headquarters of SpaceX…

2 hours ago

Hackers ‘Publish Walt Disney Internal Slack Data’

Hackers reportedly publish data from thousands of Disney internal Slack communications, including data on strategy…

1 day ago

Apple Shares Reach All-Time High On AI Optimism

Apple shares surge after Morgan Stanley rates company 'top pick' over AI plans and says…

1 day ago

Musk Confirms Robotaxi Delay For Design Change

Elon Musk confirms delay of Tesla robotaxi launch as company's shares surge after he publicly…

1 day ago

Silicon UK In Focus Podcast: The Value of Data

Discover the transformative power of data in our latest podcast. Learn how leveraging data can…

1 day ago