(Adds details of hacks in Norway and Germany and comments from outside experts)
By Raphael Satter and Christopher Bing
WASHINGTON, March 10 (Reuters) – At least 10 different hacker groups are using a recently discovered flaw in Microsoft Corp’s email server software to hack targets around the world, cybersecurity company ESET said in a blog post on Wednesday.
The breadth of exploitation increases the urgency of warnings issued by authorities in the United States and Europe about deficiencies found in Microsoft’s Exchange software.
Security flaws in the widely used email and calendar solution leave the door open for industrial-scale cyber espionage, allowing malicious agents to steal email virtually at will from vulnerable servers. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being reported daily.
Earlier on Wednesday, for example, Norway’s parliament announced that data had been “extracted” in a breach linked to Microsoft’s failures. The German cyber security surveillance agency also said on Wednesday that two federal officials were affected by the hack, although it declined to identify them.
While Microsoft has released patches, the slow pace of updates for many customers – which experts attribute in part to the complexity of the Exchange architecture – means that the field remains at least partially open to hackers of all types.
Microsoft did not immediately return a message requesting comment on the pace of customer updates. In previous announcements regarding the flaws, the company emphasized the importance of “fixing all affected systems immediately”.
While hacking appears to be focused on cyber espionage, experts are concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.
The ESET blog post said there were already signs of cybercriminal exploitation, with a group that specializes in stealing computer resources to mine cryptocurrencies hacking into previously vulnerable Exchange servers to spread its malicious software.
ESET has named nine other espionage-focused groups that it said are taking advantage of the flaws to break into targeted networks – several of which other researchers have linked to China. Interestingly, several of the groups seemed to know about the vulnerability before it was announced by Microsoft on March 2.
Ben Read, manager of cybersecurity company FireEye Inc, said he could not confirm the exact details in ESET’s post, but said his company also saw “several likely groups from China” using Microsoft’s flaws in different waves.
ESET researcher Matthieu Faou said in an e-mail that it was “very unusual” for so many different cyber espionage groups to have access to the same information before it was made public.
He speculated that the information “leaked in some way” before Microsoft’s announcement or was found by a third party that provides vulnerability information to cyber spies.
(Reporting by Raphael Satter and Christopher Bing in Washington, edited by Matthew Lewis)