The Microsoft Exchange security issues you may have heard about are really a hassle. If there was ever a time for cybersecurity reporters to dust off metaphors that contain phrases like “blood in the water” and “swarm disturbed by piranhas,” it would be right now.
At least 10 advanced persistent threat actors (an elegant term for well-organized hacker groups) are targeting vulnerabilities in the email product, according to a recent report from security company ESET. This contradicts what Microsoft initially said, which was that the defects were mainly being targeted by one group, a “state-sponsored” threat actor located in China that it calls “HAFNIUM”.
Instead, ESET reports that Exchange is effectively being raided by nearly a dozen different groups with names that sound like bad gamertags, including Tick, LuckyMouse, Calypso, Websiic, Winnti, TontoTeam, Mikroceen and DLTMiner. There are also apparently two other groups of hackers who have not yet been identified. So, yes, it’s a pretty big mess.
The hacking appears to have spread even after Microsoft released its patches: the ESET report states that “the day after the patch was released” security researchers “began to see many more threats (including Tonto Team and Mikroceen) also scanning and mass-compromising Exchange servers.”
A new report from DomainTools security researchers also threw cold water on the idea that “HAFNIUM” is actually a group of hackers associated with the Chinese government. So, on top of everything else, it is not even clear who or what “HAFNIUM” is:
“While such a connection [to the PRC] is certainly possible and has not been ruled out, as of this writing no conclusive evidence has emerged linking HAFNIUM operations to the People’s Republic of China (PRC). And HAFNIUM is also far from the only entity assessed to address this vulnerability.”
Who is targeted? According to a warning from the FBI released Wednesday, it would seem that the answer is: just about everyone.
The threat actors targeted local governments, academic institutions, non-governmental organizations and business entities in several industrial sectors, including agriculture, biotechnology, aerospace, defense, legal services, electricity companies and pharmaceuticals.
While 30,000 or more U.S. entities are said to be affected, so far there has been a slow flow of disclosures, although local governments and small businesses are believed to be some of the most targeted. On Wednesday, US officials said that, so far, there is no evidence that federal executive agencies have been compromised by the attacks.