At least five different hacking groups, including one from China, are currently attacking vulnerabilities in Microsoft's email servers — described by the US government as “widespread domestic and international exploitation” that may affect hundreds of thousands of victims globally.
While Microsoft has already revealed that a Chinese government-linked hacking group known as Hafnium is targeting its on-premises Exchange Server software, the MIT Technology Review now reports that at least “four other distinct hacking groups are now attacking critical flaws in Microsoft's email software”.
“There are at least five different clusters of activity that appear to be exploiting the vulnerabilities,” Katie Nickels, who leads an intelligence team at cybersecurity firm Red Canary that is investigating the cyber-attack, was quoted as saying in the report.
“The challenge is that this is all so murky and there is so much overlap. What we've seen is that from when Microsoft published about Hafnium, it has expanded beyond just Hafnium. We've seen activity that looks different from tactics, techniques and procedures from what they reported on,” Nickels warned.
Microsoft said that the company is “working closely with CISA (Cybersecurity and Infrastructure Security Agency), other government agencies, and security companies to ensure we are providing the best possible guidance and mitigation for our customers”.
White House press secretary Jen Psaki had said last week that they are concerned that “there is a large number of victims who are working with our partners to understand the scope of this”.
“Network owners also need to consider whether they have already been compromised and should immediately take appropriate steps,” Psaki had said while briefing the media.
According to KrebsOnSecurity, at least 30,000 organisations across the US, including government and commercial firms, have been hacked by China-based threat actors who used Microsoft's Exchange Server software to enter their networks. The China-based espionage group allegedly exploited four vulnerabilities in Microsoft Exchange Server email software.
The vulnerabilities allowed the hackers to gain access to email accounts and also gave them the ability to install malware, according to Microsoft, which reported on the China-based threat actors but did not disclose the scale of the compromise, in which tens of thousands of organisations have been hit.
Exchange Server is primarily used by business customers. Microsoft has released several security updates to fix the vulnerabilities and is advising its customers to install them immediately.