Cybersecurity company ESET said in a blog post on Wednesday that at least 10 different hacking groups are exploiting recently discovered vulnerabilities in Microsoft's mail server software to break into targets around the world.
The breadth of exploitation has added urgency to warnings issued by US and European authorities about the weaknesses found in Microsoft's Exchange software.
The security vulnerabilities in the widely used mail and calendar software have opened the door to industrial-scale cyber espionage, allowing malicious actors to steal email from vulnerable servers or move elsewhere on the network at will. According to a Reuters report last week, thousands of organizations have been compromised, and new victims are being made public every day.
For example, earlier on Wednesday, the Norwegian Parliament announced that data had been “extracted” in an attack exploiting the Microsoft vulnerabilities. The German cybersecurity watchdog also said on Wednesday that two federal authorities had been affected by the hacking, but it declined to reveal their identities.
Although Microsoft has released fixes, many customers have been slow to apply them (experts attribute this in part to the complexity of the Exchange architecture), which means the field remains open to hackers of all types. Applying the patch does not remove any backdoors that have already been planted on a machine.
In addition, some of the backdoors left on infected machines have easy-to-guess passwords, so that newcomers can take them over.
Microsoft declined to comment on the speed of customer updates. In previous announcements about these deficiencies, the company emphasized the importance of “immediately patching all affected systems.”
Although the hacking so far appears to be focused on cyber espionage, experts are concerned about the prospect of cybercriminals using these vulnerabilities to extort ransoms, which could cause widespread damage.
ESET's blog post stated that there are already signs of cybercriminal exploitation: a group that specializes in stealing computing resources to mine cryptocurrency broke into a previously vulnerable Exchange server to spread its malware.
ESET pointed to nine other espionage-focused groups that used these vulnerabilities to infiltrate target networks, which other researchers have linked to China. Microsoft has blamed China for the hacking. The Chinese government denies any role.
Interestingly, several of the groups appeared to be aware of the vulnerabilities before Microsoft announced them on March 2.
Ben Read, a director at the cybersecurity company FireEye, said he could not confirm the exact details in the ESET post, but said his company had also seen “multiple organizations that may be Chinese” using the Microsoft vulnerabilities in different ways.
ESET researcher Matthieu Faou said in an email that it is “very rare” for so many cyber espionage groups to have access to the same information before it becomes public.
He speculated that the information was either “leaked in some way” before Microsoft announced it, or was discovered by a third party who provided the vulnerability information to cyber spies.
Taiwanese researchers reported to Microsoft on January 5 that they had discovered two new flaws that needed to be fixed. These two are the ones that attackers began to use shortly before or shortly after that friendly report.
They said that because exploitation in the wild was discovered in the same week, they are investigating whether there has been a theft or leak. So far, the group, named Devcore, says it has not found any evidence.
Top hackers are usually also targets of other hackers. Just this week, Microsoft patched a flaw that suspected North Korean hackers had used in attempts to steal information from Western researchers.
But simultaneous discovery is common, partly because researchers use the same or similar tools to find serious flaws, and many people are looking at the same high-value targets.
Devcore member Bowen Hsu told Reuters: “Some groups are likely exploiting these vulnerabilities, causing other information security vendors to observe the results of the attack.”
But other theories have been circulating in the security industry, including past intrusions by hackers into Microsoft systems.
© Thomson Reuters 2021