Text size
Microsoft did not comment on the scale of the attacks.
Drew Angerer / Getty Images
Microsoftsay
Exchange email servers have been hit by a devastating hack that could end up being worse than the Russia-based
SolarWinds
attack, which affected as many as 18,000 organizations.
On March 2, Microsoft announced in a blog post that a China-sponsored group it calls Hafnium is targeting Exchange Server software. The attacks have three steps, the company said.
“First, it would gain access to an Exchange Server with stolen passwords or by using … unknown vulnerabilities to hide itself as someone who needs access,” the company said. ‘Second, it would create the so-called’ web shell ‘to remotely control the fraudulent server. Third, it would use remote access – based on the US servers – to steal data from an organization’s network. ”
Security blogger Brian Krebs wrote on his website on Friday that at least 30,000 organizations were affected by the attacks, including ‘small businesses, towns, cities and local governments’.
Krebs noted that the Chinese group, following the announcement of the Microsoft hack, has dramatically intensified attacks on any vulnerable, unopened Exchange servers worldwide. Krebs wrote that cyber security experts he spoke to claimed that Hafnium had taken control of “hundreds of thousands” of Exchange servers worldwide.
The Wall Street Journal reported over the weekend that the attacks could have affected tens of thousands of U.S. businesses, government offices and schools, but added that the exact number is unclear, and according to one source could be as high as 250,000. On Friday, White House press secretary Jen Psaki said the attacks “could have far-reaching consequences … we are concerned that there are a large number of victims.”
The government’s Cybersecurity & Infrastructure Security Agency last week issued an ’emergency board’ requiring federal agencies to patch up critical vulnerabilities. Former CISA Director Chris Krebs (no relationship with Brian Krebs), fired by the Trump administration, last tweet tweetk that it’s a “crazy huge hack … the sheer size and speed of this one is scary.”
Microsoft has Magazine that the company worked with government agencies and security companies to mitigate the incident, but declined to comment on the extent of the attacks.
“We are working closely with CISA, other government agencies and security companies to ensure that we provide the best possible guidance and mitigation for our customers,” the company said in a statement to Barron’s Monday. “The best protection is to apply updates as soon as possible to all affected systems.” It is said that the company continues to provide guidance on how to investigate and deal with the damage, and that affected customers should contact their support teams.
So far, the situation has not affected Microsoft’s share price. Both Goldman Sacha and
Morgan Stanley
repeated their buy ratings Monday. The stock closed 1.8% at $ 227.39, while the Nasdaq Composite fell 2.4%.
Write to Eric J. Savitz at [email protected]