At least 10 hacking groups using Microsoft software flaw


At least 10 different hacking groups are using recently discovered flaws in Microsoft’s mail server software to break into targets around the world, cybersecurity company ESET said in a blog post on Wednesday.

The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the United States and Europe about the weaknesses found in Microsoft’s Exchange software.

The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber-espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers or move elsewhere in the network.

Tens of thousands of organisations have already been compromised, Reuters reported last week, and new victims are being made public daily.

Earlier on Wednesday, for example, Norway’s parliament announced data had been “extracted” in a breach linked to the Microsoft flaws.

Germany’s cybersecurity watchdog agency also said on Wednesday two federal authorities had been affected by the hack, although it declined to identify them.

While Microsoft has issued fixes, the sluggish pace of many customers’ updates - which experts attribute in part to the complexity of Exchange’s architecture - means the field remains at least partially open to hackers of all stripes.

The patches do not remove any back door access that has already been left on the machines.

In addition, some of the back doors left on compromised machines have passwords that are easily guessed, so that newcomers can take them over.

Microsoft declined to comment on the pace of customers’ updates.

In previous announcements pertaining to the flaws, the company has emphasized the importance of “patching all affected systems immediately.”

Although hacking has appeared to be focused on cyber espionage, experts are concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.

ESET’s blog post said there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking into previously vulnerable Exchange servers to spread its malicious software.

ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break into targeted networks - several of which other researchers have tied to China.

Microsoft has blamed the hack on China.

The Chinese government denies any role.

Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.

Ben Read, a director with cybersecurity company FireEye, said he could not confirm the exact details in the ESET post but said his company had also seen “multiple likely-China groups” using the Microsoft flaws in different waves.

ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyberespionage groups to have access to the same information before it is made public.

He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyberspies.

Taiwan-based researchers reported to Microsoft on January 5 that they had found two new flaws which need patching.

Those two were among the flaws that attackers began using shortly before or after the researchers’ friendly report.

The researchers said they were investigating whether there had been a theft or leak on their side, since exploitation was discovered in the wild during the same week.

So far, the group called Devcore said, they had found no evidence.

Top-flight hackers are also commonly targeted by other hackers.

Just this week, Microsoft patched one of the flaws used by suspected North Koreans in attempts to steal information from Western researchers.

But simultaneous discovery happens fairly often, in part because researchers use the same or similar tools to hunt for serious flaws, and many eyes are looking at the same high-value targets.

“It is very likely that some actor groups may have been using these vulnerabilities and led to the result of the attacks being observed by other information security vendors,” Devcore member Bowen Hsu told Reuters.

But the security industry has been abuzz with other theories, including a hack of Microsoft’s systems for tracking bugs, which has happened in the past.

Date: 12-Mar-2021