WASHINGTON (Reuters) – The hackers behind the powerful set of digital intrusion tools that came to light this week have taken a worrying number of victims, the White House said Friday, the latest indication that the cyber-espionage campaign targeting Microsoft Corp’s Exchange email software has taken a serious. threat.
“This is a significant vulnerability that can have far-reaching consequences,” White House press secretary Jen Psaki told reporters. “We are concerned that there are a large number of victims.”
Using tools that exploited four previously unknown vulnerabilities, the allegedly Chinese group that Microsoft calls “ Hafnium ” has been breaking into email servers since January, remotely and silently siphoning information from their inboxes without a single malicious email or email. sending a fraudulent attachment.
Few victims of the hackers have been made public so far. Microsoft said this week that the targets were infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and nongovernment groups.
On Tuesday, researchers at Dell Technologies Secureworks said the pace of the break-ins started to pick up overnight last Sunday, something others have read as an indication that the hackers were ramping up their activity because they knew they were about to to be exposed.
Much of the activity has been concentrated in the United States, but victims have surfaced around the world.
Norwegian authorities said they had seen “limited” use of the hacking tools in their country. Prague Municipality and the Czech Ministry of Labor and Social Affairs were among those affected, according to a European cyber official who was briefed on the matter.
The official said the technique’s ease of use meant that the hackers actually enjoyed a “free buffet” since the beginning of the year.
The concern now is that others are about to join the party.
While Microsoft has released fixes for the vulnerabilities and the US government – including National Security Adviser Jake Sullivan – has urged users to update their software, in reality not everyone is. Meanwhile, hackers are studying solutions to reverse engineer Hafnium’s tools and appropriate them for themselves.
Once that happens, experts say, targeting can get even more aggressive.
Reporting by Raphael Satter; Editing by Dan Grebler and David Gregorio