Text size
Microsoft did not comment on the extent of the attacks.
Drew Angerer / Getty Images
MicrosoftS
Exchange email servers have been hit by a devastating hack that could eventually turn out to be worse than the one in Russia
SolarWinds
attack, which could have affected up to 18,000 organizations.
On March 2, Microsoft revealed in a blog post that a Chinese-sponsored group called Hafnium is targeting Exchange Server software. The attacks have three steps, the company said.
“First, he would have access to an Exchange server either with stolen passwords or using … previously undiscovered vulnerabilities to disguise himself as someone who should have access,” the company said. “Second, it would create what is called a web shell to remotely control the compromised server. Third, it would use that remote access – run from private servers in the US – to steal data from an organization’s network. ”
Security blogger Brian Krebs wrote on his website on Friday that at least 30,000 organizations were affected by the attacks, including “small businesses, cities, towns and local governments.”
Krebs noted that after Microsoft revealed the hack, the Chinese group “dramatically intensified attacks on any vulnerable, imperfect, global Exchange servers.” Krebs wrote that the cybersecurity experts he spoke to said that Hafnium took control of “hundreds of thousands” of Exchange servers around the world.
The Wall Street Journal reported over the weekend that the attacks could have affected tens of thousands of American businesses, government offices and schools, but added that the exact number is unclear and, according to a source, could be as high as 250,000. On Friday, White House press secretary Jen Psaki said the attacks “could have a large impact … we are concerned that there are large numbers of casualties.”
The government’s cybersecurity and infrastructure security agency issued an “emergency directive” last week calling on federal agencies to address critical vulnerabilities. Former CISA director Chris Krebs (unrelated to Brian Krebs), who was fired by the Trump administration, wrote on Twitter last timek that this is “a crazy crazy hack … its magnitude and pure speed are terrifying.”
Microsoft said for diary that the company is working with government agencies and security companies to mitigate the incident, but declined to comment on the extent of the attacks.
“We work closely with CISA, other government agencies and security companies to ensure that we provide the best possible guidance and mitigation for our customers,” the company said in a statement. Barron’s months. “The best protection is to apply updates as soon as possible to all affected systems.” The company said the company continues to provide guidance on how to investigate and manage damage and that affected customers should contact its support teams.
At least so far, the situation has not affected Microsoft’s share price. Both Goldman Sacha and
Morgan Stanley
they repeated their purchase ratings on Monday. The stock closed 1.8% at $ 227.39, while the Nasdaq Composite fell 2.4%.
Write to Eric J. Savitz at [email protected]