Hackers swarm on Microsoft Exchange


photo: Moon Jeenah (Getty Images)

The Microsoft Exchange security flaws you may have heard about are really getting hit. If ever there was a time for cybersecurity journalists to trot out metaphors like “blood in the water” and “swarm of piranhas,” it would be now.

According to a recent report from the security company ESET, at least ten advanced persistent threat actors (a polite term for well-organized groups of hackers) are targeting the email product’s vulnerabilities. This contradicts what Microsoft initially said, namely that the flaws were primarily being exploited by a single group, a “state-sponsored” threat actor based in China called “HAFNIUM.”

Instead, ESET reports that Exchange is essentially being looted by about a dozen different groups, all of them with names that sound like bad video game titles, such as Tick, LuckyMouse, Calypso, Websiic, Winnti, Tonto Team, Mikroceen, and DLTMiner. There also appear to be two other hacking groups that have not yet been identified. So yeah, it’s a pretty big mess.

The hacking also appears to have taken place directly after Microsoft released its patches: the ESET report states that “the day after the release of the patch” security researchers “started to observe many more threat actors (including Tonto Team and Mikroceen) mass-scanning and compromising Exchange servers.”

A new report from security researchers at DomainTools has also thrown cold water on the idea that “HAFNIUM” is actually a hacking group tied to the Chinese government. So, on top of everything else, it is not even clear who or what “HAFNIUM” is:

“While this link [to the PRC] is certainly possible and has not been ruled out, no conclusive evidence has emerged as of this writing linking HAFNIUM operations to the People’s Republic of China (PRC). And HAFNIUM is also far from the only entity assessed to be targeting this vulnerability.”

Who is being targeted? According to an FBI warning released Wednesday, the answer seems to be: almost everyone.

Threat actors have targeted local governments, academic institutions, non-governmental organizations, and business entities in various industrial sectors, including agriculture, biotechnology, aerospace, defense, legal services, electrical services, and pharmaceuticals.

Although as many as 30,000 or more U.S. entities were said to have been affected, so far there has been only a trickle of disclosures, though local governments and small businesses are believed to be among the most heavily targeted. On Wednesday, U.S. officials said that, so far, there is no evidence that federal executive agencies have been compromised in the attacks.
