Microsoft did not comment on the scope of the attacks.
Microsoft's Exchange email servers were hit by a devastating hack that could turn out to be worse than the SolarWinds attack, which may have affected up to 18,000 organizations.
On March 2, Microsoft said in a blog post that a China-sponsored group it calls Hafnium is targeting Exchange Server software. The attacks have three stages, the company said.
“First, it would have access to an Exchange Server with stolen passwords or by using … undiscovered vulnerabilities to disguise itself as someone who should have access,” said the company. “Second, it would create what is called a web shell to control the compromised server remotely. Third, it would use that remote access – executed from private servers based in the United States – to steal data from an organization’s network.”
Security blogger Brian Krebs wrote on his website on Friday that at least 30,000 organizations were affected by the attacks, including “small businesses, towns, cities and local governments”.
Krebs noted that, following Microsoft’s disclosure of the hack, the Chinese group “has dramatically stepped up attacks on any vulnerable and unpatched Exchange server worldwide.” Krebs wrote that the cybersecurity experts he spoke with claimed that Hafnium had taken control of “hundreds of thousands” of Exchange servers worldwide.
The Wall Street Journal reported over the weekend that the attacks may have affected tens of thousands of US companies, government offices and schools, but added that the exact number is unclear and that, according to one source, it could reach 250,000. On Friday, White House press secretary Jen Psaki said the attacks “could have far-reaching impacts … we are concerned that there will be a large number of victims”.
The government’s Cybersecurity and Infrastructure Security Agency last week issued an “emergency directive” requiring federal agencies to remedy critical vulnerabilities. Former CISA director Chris Krebs (unrelated to Brian Krebs), who was fired by the Trump administration, tweeted last week that this is “a huge crazy hack … the scale and speed of this one is terrifying.”
Microsoft told the daily that the company was working with government agencies and security companies to mitigate the incident, but declined to comment on the scope of the attacks.
“We are working closely with CISA, other government agencies and security companies to ensure that we are providing the best possible guidance and mitigation for our customers,” said the company in a statement issued to Barron’s on Monday. “The best protection is to apply updates as quickly as possible to all affected systems.” The company said it continues to provide guidance on how to investigate and deal with the damage, and that affected customers should contact their support teams.
So far, at least, the situation has not affected Microsoft’s stock price. Goldman Sachs and Morgan Stanley both repeated their Buy ratings on Monday. The stock closed down 1.8% to $227.39, while the Nasdaq Composite fell 2.4%.
Write to Eric J. Savitz at [email protected]