“Active threat”: Chinese hackers target 30,000 US entities | Cybercrime News
At least 30,000 American organizations, including local governments, have been hacked in recent days by an “unusually aggressive” Chinese cyberespionage campaign, according to a computer security specialist.
The campaign exploited recently discovered flaws in Microsoft Exchange software, stealing emails and infecting computer servers with tools that allow attackers to take control remotely, Brian Krebs said in a post on his cybersecurity information website.
“It’s an active threat,” White House spokeswoman Jennifer Psaki said during a press briefing on Friday.
“All users of these servers must act now to fix them. We are concerned that there are a large number of victims,” she added.
After Microsoft released fixes for the vulnerabilities on Tuesday, attacks “escalated considerably” on servers not yet updated with security patches, said Krebs, who cited anonymous sources familiar with the situation.
“At least 30,000 organizations across the United States – including a significant number of small businesses, cities and local governments – have been hacked in recent days by an unusually aggressive Chinese cyber espionage unit that focuses on stealing emails from victims’ organizations,” Krebs wrote in the post.
He reported that insiders have said that hackers have “taken control” of thousands of computer systems around the world using password-protected software tools embedded in the systems.
Microsoft said earlier this week that a state-funded hacking group operating in China was exploiting previously unknown security holes in its Exchange email services to steal data from business users.
The company said the hacking group, which it named “Hafnium”, is a “highly skilled and sophisticated player”.
Hafnium has targeted US-based companies in the past, including infectious disease researchers, law firms, universities, defense contractors, think tanks, and NGOs.
In a blog post on Tuesday, Microsoft chief executive Tom Burt said the company has released updates to fix security vulnerabilities, which apply to local versions of the software rather than versions based on the cloud, and urged customers to apply them.
“We know that many nation-state actors and criminal groups will act quickly to take advantage of any unpatched system,” he added at the time.
Microsoft said the group was based in China but operated through virtual private servers leased in the United States and that it had informed the United States government.
Beijing has already hit back at US accusations of state-sponsored cyber theft. Last year, it accused Washington of smears following allegations that Chinese hackers were trying to steal coronavirus research.
In January, U.S. law enforcement and intelligence services said Russia was likely behind the massive SolarWinds hack that rocked government and corporate security, contradicting the then president, Donald Trump, who had suggested that China could be to blame.
Microsoft said on Tuesday that the Hafnium attacks “were in no way related to the separate attacks related to SolarWinds.”
According to reports, more attacks are expected from other hackers.
Hackers have only used backdoors to enter and navigate infected networks in a small percentage of cases, probably less than one in 10, the person working with the government said.
“A few hundred guys are mining them as fast as they can,” stealing data and installing other means to come back later, he said.
The first avenue of attack was discovered by prominent Taiwanese cyber researcher Cheng-Da Tsai, who said he reported the flaw to Microsoft in January. He said in a blog post that he was investigating whether the information had been disclosed.
He did not respond to requests for further comment.