According to cybersecurity firm ESET, at least ten different hacker groups are using a newly discovered vulnerability in Microsoft Corp’s mail server system to break into targets all over the world. The scope of the exploitation adds urgency to the alerts that government officials in the United States and Europe have issued regarding vulnerabilities in Microsoft’s Exchange software.
Security vulnerabilities in the commonly used mail and calendaring solution open the door to industrial-scale cyber theft, allowing cybercriminals to freely steal emails from compromised servers. According to Reuters’ report, tens of thousands of companies have already been hacked, and new victims are being exposed on a regular basis.
Norway’s parliament, for example, reported earlier on Wednesday that data had been “extracted” in a breach related to the Microsoft flaws. On Wednesday, Germany’s cybersecurity watchdog agency said the hack had impacted two federal authorities, though it did not name them. Although Microsoft has released patches, the slow pace at which many customers apply updates – which experts attribute in part to Exchange’s complexity – means the field is still open to hackers of all stripes. Microsoft declined to comment on the rate at which customers are getting updates.
The company has stressed the importance of “immediately patching all affected devices” in prior statements about the bugs. Although the hacking seemed to be aimed at cyber espionage, experts are worried that ransom-seeking cybercriminals might exploit the vulnerabilities, causing widespread disruption.
According to ESET’s blog post, there have already been indicators of cybercriminal abuse, with one group that specializes in stealing computer resources to mine cryptocurrency breaking into previously compromised Exchange servers to spread malicious software.
Microsoft has blamed China for the hack. However, the Chinese government denies the allegations. Surprisingly, most of the hacking groups seemed to be aware of the vulnerability before Microsoft revealed it on March 2.
Ben Read, a director at cybersecurity firm FireEye Inc, said he couldn’t confirm the exact details in the ESET post, but that his company had seen “many likely-China groups” use the Microsoft flaws in waves.
In an email, ESET researcher Matthieu Faou said that so many cyber espionage groups getting access to the same information before it was made public was “very rare.” He speculated that the information “somehow leaked” ahead of the Microsoft reveal, or that it was detected by a third party who sells vulnerability data to cyber spies.