Hackers swarm Microsoft Exchange


Photo: Jeenah Moon (Getty Images)

Those Microsoft Exchange security flaws you may have heard about are really getting hammered. If there ever was a time for cybersecurity reporters to reach for metaphors like “blood in the water” and “crazy swarm of piranhas,” it may be now.

At least 10 separate advanced persistent threat actors (a fancy term for well-organized hacker groups) are targeting the vulnerabilities in the email product, according to a recent report from security company ESET. This contradicts Microsoft's initial statement that the flaws were primarily being exploited by one group, a “state-sponsored” threat actor in China that it calls “HAFNIUM.”

Instead, ESET reports that Exchange is in fact being ransacked by nearly a dozen different groups, all of which have names that sound like bad gamertags, including Tick, LuckyMouse, Calypso, Websiic, Winnti, TontoTeam, Mikroceen, and DLTMiner. There are apparently also two other hacker groups that have not yet been identified. So yeah, it’s a pretty big mess.

The hacking appears to have picked up right after Microsoft released its patches: the ESET report states that “the day after the patch’s release,” security researchers “began to see many more threat actors (including Tonto Team and Mikroceen) scanning and massive compromise of Exchange servers.”

A new report from security researchers at DomainTools has also thrown cold water on the idea that “HAFNIUM” is actually a hacker group associated with the Chinese government. So, on top of everything else, it is not even clear who or what “HAFNIUM” is:

“While such a link [to the PRC] is certainly possible and cannot be ruled out, as of the time of writing no conclusive evidence has emerged linking HAFNIUM operations to the People’s Republic of China (PRC). And HAFNIUM is also far from the only entity assessed for this vulnerability.”

Who is being attacked? According to a warning from the FBI published Wednesday, the answer seems to be: pretty much everyone.

Threat actors target local governments, academic institutions, nongovernmental organizations and business entities across multiple industry sectors, including agriculture, biotechnology, aerospace, defense, legal services, energy, and pharmaceuticals.

While 30,000 or more entities in the US have reportedly been affected, so far there has been only a slow trickle of disclosures – although local governments and small businesses are believed to be among the more heavily targeted. On Wednesday, US officials said that, so far, there is no evidence that federal executive agencies have been affected by the attacks.
