More than 20,000 U.S. organizations have been compromised through a backdoor installed by recently fixed defects in Microsoft’s e-mail software, a person familiar with the U.S. government’s response said Friday. .
Hacking has already reached more sites than all the contaminated code downloaded from SolarWinds Corp, the company at the heart of another massive hacking discovered in December.
The latest hack has left channels for remote access to credit unions, city governments and small businesses, according to U.S. research records.
According to records, tens of thousands of organizations in Asia and Europe are also affected.
The hacks continue despite the emergency patches issued by Microsoft on Tuesday.
Microsoft, which had initially said hackers consisted of “limited and specific attacks,” on Friday declined to comment on the magnitude of the problem on Friday, but said it worked with government agencies and security companies to provide assistance to customers.
He added that “affected customers should contact our support teams for additional help and resources.”
A scan of connected devices showed that only 10% of the vulnerable had installed the patches on Friday, although the number was increasing.
Because installing the patch is not removed from the back doors, U.S. officials are debuting to figure out how to notify all victims and guide them in their search.
All those affected seem to run web versions of the Outlook email client and host them on their own machines, rather than relying on cloud providers. Records suggest this may have saved many of the largest federal government companies and agencies.
The Federal Security and Cybersecurity Agency did not respond to any requests for comment.
Earlier Friday, White House press secretary Jen Psaki told reporters that the vulnerabilities found on Microsoft’s widely used Exchange servers were “significant” and “could have far-reaching impacts.”
“We are concerned that there will be a large number of casualties,” Psaki said.
Microsoft and the person working with the U.S. response blamed the initial wave of attacks on an actor backed by the Chinese government. A Chinese government spokesman said the country was not behind the intrusions.
What began as a controlled attack late last year against some classic espionage targets grew last month into a widespread campaign. Security officials said this meant that unless China had changed tactics, a second group could have been involved.
More attacks from other hackers are expected as the code used to control the mail server spreads.
Hackers have only used the back doors to re-enter and move through infected networks in a small percentage of cases, probably less than 1 in 10, said the person working with the government.
“A couple of hundred guys blow them up as fast as they can,” stealing data and installing other ways to come back later, he said.
Taiwan’s first cyber researcher Cheng-Da Tsai discovered the first line of attack, which he said he reported the mistake to Microsoft in January. He said in a blog post that he was investigating whether the information was leaked.
He did not respond to subsequent comments.