San Francisco: In a big cyber attack, China-based threat actors hacked at least 30,000 organisations across the US, including government and commercial firms, by using Microsoft’s Exchange Server software to enter their networks. The espionage group is known to have exploited four vulnerabilities in Microsoft Exchange Server email software, which provided them access to email accounts, and also gave them the ability to install malware.
Microsoft said its email exchange software has been infiltrated in a state-sponsored attack which the White House is now calling an “active threat”.
There are fears hundreds of thousands of public and private sector organisations worldwide have been compromised, allowing hackers to download emails.
Microsoft has reported the threat but has not revealed the scale of the attack, in which tens of thousands of organisations have been hit.
Microsoft is currently trying to fix the vulnerabilities and has also released several security updates, advising its customers to install those immediately.
Earlier this week, Microsoft warned its customers against a new sophisticated nation-state cyber-attack that has its origin in China and is primarily targeting on-premises ‘Exchange Server’ software of the tech giant.
The group, called “Hafnium,” operates from China and is attacking infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs in the US for the purpose of exfiltrating information. “While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the US,” said Tom Burt, Corporate Vice President, Customer Security and Trust at Microsoft.
AUT computer science professor Dave Parry said the hackers could steal valuable intellectual property or use information to blackmail people.
“It is extremely concerning, the ones that have been attacked really have been completely open, so the attackers could have taken whatever emails they like from these exchange servers – and looked at calendar appointments, all sorts of other things.”
Professor Parry said people should download a fix immediately – although this will only work if servers were not already compromised.
He said people should also run a security check to find and delete any malicious software installed.
Professor Parry said it appeared only those who run their own Exchange servers were being affected, rather than those using cloud-based Microsoft email.
He said central government likely has good hacking protection so possibly will not have been compromised, but local councils, DHBs and medium-scale businesses could all have been affected.
Professor Parry said the hack was another reminder of how insecure email could be.
Andrew Cushen from InternetNZ said it was a large, widespread attack on tools that are commonly used in New Zealand and around the world.
“But that it’s been discovered gives us an opportunity to act and to manage the challenges that this presents. So if you are worried now’s the time to act.”
He said people should contact their IT specialists or go to the website of CertNZ, New Zealand’s cyber security agency, for more information.
Michael Shearer, CertNZ’s principal advisor for threats and vulnerabilities, said he wouldn’t comment on which New Zealand firms have been affected, saying that information was confidential.
He said it’s a reminder to have automatic updates turned on – something home users generally do.
“The public service is aware of and appropriately managing the risks to its own networks,” Little said.