At least 30,000 US organizations, small businesses and government offices were victims of Microsoft Exchange hack: Krebs
- An espionage group has hacked some 30,000 US organizations over the past few days, KrebsOnSecurity reported.
Microsoftreleased several security updates to its Exchange hack.
- The group was able to target businesses and local government agencies, according to KrebsOnSecurity.
At least 30,0000 organizations across the US have been hacked over the last few days through flaws in Microsoft's Exchange server email software, sources familiar with the matter told KrebsOnSecurity.
The "unusually aggressive Chinese cyber espionage unit" that Microsoft calls "Hafnium" is focusing on stealing emails from a range of victims, including companies, small businesses, and local governments, Krebs said.The group exploited four flaws in Microsoft's Exchange servers. The bugs gave attackers full remote control over the affected systems.
Microsoft released a security update this week to patch Exchange versions from 2013 to 2019. Microsoft recommended users immediately install updates to the Exchange product, which is primarily used by business customers. The company also said that it informed appropriate US government agencies about the breach.Microsoft said the email system is used by organizations including companies, infectious disease researchers, defense contractors, law firms, NGOs, and universities.
The purported Chinese hacking group is responsible for seizing control over hundreds of thousands of Microsoft Exchange servers worldwide, two anonymous cybersecurity experts told KrebsOnSecurity.Chinese Foreign Ministry spokesman Wang Wenbin responded to Microsoft's accusations in a Wednesday press briefing, saying there was not enough evidence to draw a conclusion on the Exchange hack's origins, according to Bloomberg. This is the eighth time in the last 12 months that Microsoft has publicly reported state-sponsored hacks.
White House Press Secretary Jen Psaki said in a press briefing on Friday that the weaknesses found in Microsoft's Exchange Servers were "significant."
"We're concerned that there are a large number of victims," she added.The Prague municipality and the Czech Ministry for Labor and Social Affairs were impacted by the Hafnium server breach, according to Reuters who cited a European cyber official briefed on the issue.
- JEE Mains entrance exam postponed amid surge in COVID-19 cases
- Delhi CM Arvind Kejriwal says COVID-19 positivity rate has gone up to 30%, only 100 ICU beds left
- India records highest single-day rise of 2,61,500 COVID-19 cases and 1,501 deaths
- Odisha halts COVID-19 vaccination drive in 1,035 sites due to its acute shortage
- All Migrant workers coming to Uttar Pradesh to be quarantined