FireEye finds evidence that Chinese hackers have been exploiting a bug in Microsoft’s email program since January

Cybersecurity group FireEye announced Thursday night that it has found evidence that hackers have been exploiting a bug in a popular Microsoft email application to target groups in various sectors since January.

FireEye analysts wrote in a blog post that the company observed the hackers, whom Microsoft identified earlier this week as a Chinese state-sponsored hacking group known as ‘Hafnium’, exploiting vulnerabilities in Microsoft’s Exchange Server email program to target at least one FireEye client beginning in January.

FireEye has since found evidence that the hackers were behind a series of victims, including “U.S. merchants, local governments, a university and an engineering firm,” along with a Southeast Asian government and a telecommunications firm in Central Asia.

The news comes two days after Microsoft said the Chinese hacking group was actively exploiting previously unknown security flaws in Exchange Server to target groups running the software.

Microsoft noted earlier that Hafnium was known to steal information from organizations, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and non-governmental organizations.

FireEye analysts wrote Thursday night that “the activity reported by Microsoft is consistent with our observation.”

“The activity we observed, along with others in the information security industry, suggests that these threats are likely to use Exchange Server vulnerabilities to gain a foothold in environments,” the analysts wrote. “This activity is quickly followed by additional access and persistent mechanisms. As previously stated, we have several ongoing issues and will continue to provide insight when responding to intrusions.”

The federal government could also be affected by the vulnerabilities in the email application, for which Microsoft released a patch earlier this week.

The Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive requiring federal agencies to investigate for signs of compromise and to patch or disconnect Exchange Server if a compromise has occurred.

Jake Sullivan, President Biden’s national security adviser, urged all network owners Thursday night to implement the Microsoft patch immediately.

“We are closely monitoring Microsoft’s emergency solution for previously unknown vulnerabilities in Exchange Server software and reports of possible compromises by U.S. think tanks and defense industry base entities,” Sullivan tweeted.

Former CISA Director Christopher Krebs also underlined the potential seriousness of the breach, tweeting Thursday night that “this is the right thing to do” and that organizations running Exchange Server are encouraged to go into “incident response mode.”

The newly discovered compromise comes as the federal government investigates another massive Russian cyber espionage attack that was underway for at least a year before it was discovered.

The breach, known as the SolarWinds hack, involved hackers using software from IT group SolarWinds to target up to 18,000 of its customers. As of last month, at least nine federal agencies and one hundred private sector groups had been affected.

Both FireEye and Microsoft were among the groups affected by that breach, and FireEye is widely credited with drawing attention to the incident by going public in December after its own breach.
