Text size
Microsoft has not commented on the extent of the attacks.
Drew Angerer / Getty Images
Microsoft‘s
Exchange email servers have been hit by a devastating hack that could end up being worse than Russia-based ones
SolarWinds
attack, which could have affected up to 18,000 organizations.
On March 2, Microsoft revealed in a blog post that a Chinese-backed organization called Hafnium has been targeting Exchange Server software. The attacks have three stages, the company said.
“Initially, it would gain access to an exchange server either with stolen passwords or by using an roimhe previously undetected vulnerability to go wrong as a person who should have access, ”Said the company. “Second, it would create a web shell to control the server remotely. Third, it would use that remote access – run from US-based private servers – to steal data from an organization’s network. ”
Security blogger Brian Krebs wrote on his website on Friday that the attacks have affected at least 30,000 organizations, including “small businesses, towns, cities and local governments.”
Krebs noted that after Microsoft unveiled the hack, the Chinese group “severely attacked any vulnerable exchange servers around the world. Krebs wrote that cybersecurity experts he spoke to said Hafnium had taken control of “hundreds of thousands” of Exchange servers worldwide.
The Wall Street Journal reported over the weekend that the attacks could affect tens of thousands of U.S. businesses, government offices and schools, but added that the exact number is unclear, and according to one source it could be as high as 250,000. On Friday, White House press secretary Jen Psaki said “the attacks could have a far-reaching impact… we are concerned that there are a large number of victims. ”
Last week the government’s Cybersecurity & Infrastructure Security Agency issued “emergency guidance” urging federal agencies to seize emergency vulnerabilities. Former CISA director Chris Krebs (unrelated to Brian Krebs), fired by the Trump administration, finally tweetedk that “this is a really awful hack … the scale and speed of this one is awful.”
Microsoft told the Iris that the company was working with government agencies and security companies to mitigate the incident, but declined to comment on the extent of the attacks.
“We work closely with the CISA, other government agencies, and security companies, to ensure that we provide the best guidance and discount to our customers,” the company said in a statement. which went out to Barron’s on Monday. “The best defense is to implement updates as quickly as possible across all affected systems. ”They said the company continues to provide guidance on how to investigate and deal with the damage, and that affected customers should contact the support teams.
So far, the stock price has not been affected by the situation. Both Goldman Sacha and
Morgan Stanley
again their Monday purchase rating. The stock closed down 1.8% at $ 227.39, while the Nasdaq Composite fell 2.4%.
Write to Eric J. Savitz at [email protected]