WASHINGTON (Reuters) – The hackers behind the powerful set of digital intrusion tools exposed this week have accumulated a worrying number of victims, the White House said on Friday, the latest indication that the cyber espionage campaign targeting software Exchange e-mail from Microsoft Corp poses a serious threat problem.
“This is a significant vulnerability that can have far-reaching impacts,” White House press secretary Jen Psaki told reporters. “We are concerned that there are a large number of victims.”
Wielding tools that exploited four previously unknown vulnerabilities, the supposedly Chinese group that Microsoft calls “Hafnium” has been hacking e-mail servers since January, remotely and silently draining information from their inboxes without having to send a single e- malicious email or rogue attachment.
Few victims of hackers have been reported so far. Microsoft said this week that the targets include infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and non-governmental groups.
On Tuesday, researchers at Dell Technologies’ Secureworks said the pace of hacking began to increase overnight last Sunday, something others saw as an indication that hackers stepped up their activities because they knew they were about to be exposed.
Much of the activity was concentrated in the United States, but the victims came from all over the world.
Norwegian authorities said they saw “limited” use of hacking tools in their country. The municipality of Prague and the Ministry of Labor and Social Affairs of the Czech Republic were among those affected, according to a European cyber official informed on the matter.
The official said that the ease of exploitation of the technique meant that hackers were effectively enjoying a “free buffet” since the beginning of the year.
The concern now is that others may be about to join the party.
Although Microsoft has published patches for the vulnerabilities and the United States government – including National Security Advisor Jake Sullivan – requires users to update their software, in practice not everyone does. Meanwhile, hackers are studying fixes to reverse-engineer Hafnium’s tools and take ownership of them.
When that happens, experts say, targeting can become even more aggressive.
Raphael Satter reporting; Editing by Dan Grebler and David Gregorio