Tens of thousands of Microsoft client organizations in the United States, Asia, and Europe have fallen victim to a massive cyberattack. Criminals exploited vulnerabilities in Microsoft's Exchange Server software, which could lead to a global cybersecurity crisis. Hundreds of thousands of companies, including those of strategic importance, use Microsoft Exchange Server mail.
More than 30,000 private companies and government agencies in the United States, as well as tens of thousands of organizations in Europe and Asia, have been victims of a massive hacker attack due to a security hole in Microsoft's corporate email software, which can be used for massive digital espionage.
On March 5, Reuters reported a massive hacking of Microsoft Exchange Server software. At that time, nearly 20,000 organizations were affected. The vulnerability allowed gaining full access to the organization's server and, consequently, data.
But as of March 7, the number of affected organizations had grown to 60,000. While the exact number of victims is still unknown, the data ranges from tens of thousands to 250 thousand.
Microsoft urgently released an update for Microsoft Exchange Server on March 2, but there are two big issues. First, it closes a security hole, but will not help those systems that have already been compromised. Second, by March 5, it had been installed on only 10 percent of the devices under attack. The US authorities are trying to identify all victims. Microsoft urges customers affected by the hack to contact the company's support team.
On Wednesday, March 3, Microsoft reported that Chinese hackers attacked local versions of Microsoft Exchange Server in an attempt to obtain information from various organizations in the United States.
According to media reports, hacker groups tried to obtain information from infectious disease researchers, think tanks, universities, etc. In particular, the hackers' victims included government agencies, city administrations, non-governmental institutions, and private companies from a variety of areas – from banks and electricity suppliers to nursing homes and ice cream makers. Affected organizations are known to have used Outlook on their computers (not the cloud) that works with Microsoft Exchange Server.
The researchers support the version that the hacking was carried out by the group of Chinese hackers called Hafnium, but their statement does not claim that the team is sponsored by the Chinese government. The Chinese Ministry of Foreign Affairs denied any involvement, saying that Beijing is opposed to any cyberattacks.
The hack supposedly lasted for about two months, starting on January 6 and ending on March 2, when Microsoft released a security update. At first, no one noticed the hackers' actions due to the small scale of the attack. Later, they managed to automate the process, resulting in tens of thousands infected servers.
The US government has already called the incident a "global cybersecurity threat" because of its scale. The White House administration also announced that it is actively working on researching the problem, collaborating with Microsoft, and developing possible responses.