Microsoft's Exchange e-mail servers have been hit by a devastating hack that could eventually turn out to be worse than Russia's SolarWinds attack, which may have affected up to 18,000 organizations.
On March 2, Microsoft disclosed in a blog post that a China-sponsored group called Hafnium has targeted Exchange Server software. The attacks have three steps, the company said.
“First, you would access an Exchange server with stolen passwords or through … previously undiscovered vulnerabilities to disguise yourself as someone who should have access,” the company said. “Second, what is called a web shell would be created to control the compromised server remotely. Third, it would use this remote access – run from private servers based in the United States – to steal data from an organization’s network.”
Security blogger Brian Krebs wrote on his website on Friday that at least 30,000 organizations have been affected by the attacks, including “small businesses, towns, cities and local governments.”
Krebs noted that following Microsoft's disclosure of the hack, the Chinese group “dramatically intensified attacks on vulnerable, unpatched Exchange servers around the world.” Krebs wrote that the cybersecurity experts he spoke to claimed that Hafnium had taken control of “hundreds of thousands” of Exchange servers worldwide.
The Wall Street Journal reported over the weekend that the attacks could have affected tens of thousands of U.S. businesses, government offices and schools, but added that the exact number is unclear and, according to one source, could reach 250,000. On Friday, White House press secretary Jen Psaki said the attacks “could have far-reaching impacts … we are concerned that there will be a large number of casualties.”
Last week, the Cybersecurity and Infrastructure Security Agency issued an “emergency directive” requiring federal agencies to be able to correct critical vulnerabilities. Former CISA director Chris Krebs (unrelated to Brian Krebs), who was fired by the Trump administration, has been tweeting lately that he is “a huge, crazy pirate … the grand scale and speed of this one is terrifying.”
Microsoft told the magazine that the company was working with government agencies and security companies to mitigate the incident, but declined to comment on the extent of the attacks.
“We are working closely with CISA, other government agencies and security companies to ensure we provide the best possible guidance and mitigation to our clients,” the company said in a statement issued to Barron's on Monday. “The best protection is to apply updates as soon as possible to all affected systems.” The statement said the company continues to provide guidance on how to investigate and deal with damage and that affected customers should contact their support teams.
At least so far, the situation has not affected the price of Microsoft shares. Both Goldman Sachs and Morgan Stanley repeated their Buy ratings on Monday. Shares closed up 1.8% to $227.39, while the Nasdaq Composite fell 2.4%.
Write to Eric J. Savitz at [email protected]