Hackers are invading Microsoft Exchange


Photograph: Jeenah Moon (Getty Images)

Those Microsoft Exchange security holes you may have heard about are really getting hammered. If there was ever a time for cybersecurity reporters to trot out metaphors like “blood in the water” and “swarm of mad piranhas”, it is now.

At least 10 separate advanced persistent threat (APT) actors (a fancy term for well-organized hacker groups) are targeting the vulnerabilities in the email product, according to a recent report from security company ESET. That runs contrary to what Microsoft initially said, which was that the flaws were being exploited mainly by one group, a “state-sponsored” threat actor based in China that it is calling “HAFNIUM”.

Instead, ESET reports that Exchange is basically being pillaged by about a dozen different groups, all with names that sound like bad gamertags, including Tick, LuckyMouse, Calypso, Websiic, Winnti, Tonto Team, Mikroceen and DLTMiner. Apparently there are also two other hacker groups that have not yet been identified. So, yes, it is a big mess.

The pile-on also appears to have started shortly after Microsoft released its patches: the ESET report states that “the day after the release of the patch” its researchers “started seeing many more threat actors (including Tonto Team and Mikroceen) scanning and compromising Exchange servers in bulk.”

A new report from researchers at the security firm DomainTools also poured cold water on the idea that “HAFNIUM” is definitely a hacking group tied to the Chinese government. So, on top of everything else, it is not even clear who or what “HAFNIUM” is:

“Although such a link [to the PRC] is certainly possible and has not been ruled out, at the time of writing no conclusive evidence has emerged linking HAFNIUM’s operations to the People’s Republic of China (PRC). And HAFNIUM is also far from being the only entity assessed to be targeting this vulnerability.”

Who is being targeted? According to an FBI warning published on Wednesday, the answer appears to be: almost everyone.

Threat actors are targeting local governments, academic institutions, non-governmental organizations and business entities in multiple industry sectors, including agriculture, biotechnology, aerospace, defense, legal services, power utilities and pharmaceuticals.

Although 30,000 or more US entities are thought to have been affected, so far there has been only a slow trickle of disclosures, though local governments and small businesses are believed to be among the hardest hit. On Wednesday, US officials said that, so far, there is no evidence that federal executive branch agencies have been compromised in the attacks.
