More than 20,000 U.S. organizations compromised due to Microsoft error, says source

More than 20,000 U.S. organizations have been compromised by a backdoor recently installed due to bugs in Microsoft’s email software, a person familiar with the U.S. government’s response said Friday.

The hack has reached more places than all of the tainted code downloaded from SolarWinds Corp., the company at the core of another massive hack in December.

According to the U.S. investigation, channels for remote access have been left spread among credit unions, town governments and small businesses.

Tens of thousands of organizations in Asia and Europe are also affected, according to the records.

The hacks continue despite emergency fixes released by Microsoft on Tuesday.

Microsoft, which initially said the hacks consisted of “limited and targeted attacks,” declined to comment on the extent of the problem on Friday, but said it was working with government agencies and security companies to provide help to customers.

It added: “affected customers should contact our support teams for additional assistance and resources.”

One scan of connected devices showed that only 10% of those vulnerable had installed the patches by Friday, although the number had risen.

Because installing the patch does not get rid of the backdoors, U.S. officials are racing to work out how to notify all the victims and guide them in their hunt.

All of those affected appear to run web versions of the Outlook email client and host them on their own machines, instead of relying on cloud providers. That may have spared many of the largest corporations and federal government agencies.

The federal Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.

Earlier Friday, White House press secretary Jen Psaki told reporters that the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant” and could have a far-reaching impact.

“We are concerned that there are a large number of victims,” Psaki said.

Microsoft and the person working with the U.S. response blame the initial wave of attacks on a Chinese government-backed actor. A Chinese government spokesman said the country was not behind the intrusions.

What started last year as a controlled attack on some classic espionage targets grew last month into a widespread campaign. Security officials said this implied that unless China changed tactics, a second group might have become involved.

More attacks are expected from other hackers as the code used to take control of the email servers spreads.

The hackers have used the backdoors to re-enter the infected networks in only a small percentage of cases, probably less than 1 in 10, the person working with the government said.

“A few hundred guys are exploiting them as fast as they can,” stealing data and installing other ways to return later, he said.

The initial path of the attack was discovered by leading Taiwanese cyber researcher Cheng-Da Tsai, who said he reported the defect to Microsoft in January. He said in a blog post that he was investigating whether the information was leaking.

He did not respond to requests for further comment.
