Over 20 thousand private businesses and government institutions in the United States, as well as tens of thousands of organizations in Europe and Asia, have suffered hacker attacks due to a vulnerability in Microsoft’s messaging application Exchange Server. This was reported by Reuters, citing an anonymous source said to be close to the American government.
According to the source, the vulnerability allowed the attackers to gain access to email servers used by the compromised organizations. The backdoor was used repeatedly to get access to the infected networks in only 10% of cases. This raises concerns that the attackers are probably installing other means of re-entering the networks at a later time.
The initial attacks were carried out at the end of 2020 and were aimed at several classic espionage targets. The attack pattern was first discovered by Taiwanese cybersecurity expert Cheng-Da Tsai in January and was immediately reported to Microsoft.
By February 2021, the attack had grown into a concerted campaign against both governmental institutions and privately owned businesses all over the world. According to the investigation currently being carried out by the United States, the attackers possibly still have remote access to the systems used by credit unions, local US government agencies, and small businesses.
On the 2nd of March, Microsoft released an emergency update. But as of the 5th of March, it had been installed on only 10% of the compromised devices. The U.S. government is currently working on identifying all of the possible victims of the attack, while Microsoft is urging affected users to contact customer support immediately.
The crisis is said to be far from over. As the code used to take control of the mail servers spreads, more attacks are expected in the near future.
Microsoft claims that the Chinese government is behind the initial attacks. PR China officials have already denied any kind of involvement.