Microsoft has not commented on the scale of the attacks.
Microsoft’s Exchange email servers have been hit by a devastating hack that could ultimately turn out to be worse than the Russia-based SolarWinds attack, which may have affected as many as 18,000 organizations.
On March 2, Microsoft announced in a blog post that a China-sponsored group it calls Hafnium is targeting Exchange Server software. The attacks consist of three steps, the company said.
First, the group would gain access to an Exchange Server, either with stolen passwords or by using previously undiscovered vulnerabilities to disguise itself as someone who should have access, the company said. Second, it would create a so-called web shell to remotely control the compromised server. Third, it would use that remote access, run from US-based private servers, to steal data from an organization’s network.
Security blogger Brian Krebs wrote on his website on Friday that at least 30,000 organizations have been affected by the attacks, including “small businesses, towns, cities and local governments.”
Krebs noted that following Microsoft’s disclosure of the hack, the Chinese group has “dramatically increased attacks on vulnerable, unpatched Exchange servers worldwide.” Krebs wrote that cybersecurity experts he spoke to claimed Hafnium had taken control of “hundreds of thousands” of Exchange servers worldwide.
The Wall Street Journal reported last weekend that the attacks could have affected tens of thousands of US businesses, government offices and schools, but added that the exact number is unclear and, according to a source, could reach 250,000. On Friday, White House press secretary Jen Psaki said the attacks “could have far-reaching consequences … we are concerned that there are a large number of victims.”
The government’s Cybersecurity & Infrastructure Security Agency last week issued an “emergency directive” requiring federal agencies to address critical vulnerabilities. Former CISA Director Chris Krebs (no relation to Brian Krebs), who was fired by the Trump administration, tweeted that this is “a crazy massive hack … the sheer scale and speed of this one is terrifying.”
Microsoft said that the company worked with government agencies and security companies to mitigate the incident, but declined to comment on the scale of the attacks.
“We are working closely with the CISA, other government agencies and security companies to ensure that we provide our customers with the best possible guidance and mitigation,” the company said in a statement to Barron’s on Monday. “The best protection is to apply updates to all affected systems as quickly as possible.” It said the company will continue to provide advice on how to investigate and address the damage, and that affected customers should contact its support teams.
In any case, so far the situation has not affected Microsoft’s stock price. Both Goldman Sachs and Morgan Stanley repeated their ratings on the stock Monday. The stock closed down 1.8% at $227.39, while the Nasdaq Composite was down 2.4%.
Write to Eric J. Savitz at [email protected]