More than 20,000 US organizations have been compromised through a backdoor (a covert method of bypassing normal authentication or encryption in a device) created by recently patched flaws in US-based software giant Microsoft’s email service.
The hacking has now infiltrated more places than all of the infected code downloaded from SolarWinds, the company at the center of another major hacking spree discovered in December.
According to records from the US investigation, the new hack has left channels for remote access spread among credit unions, town governments, and small businesses.
The hacking is still going on despite emergency patches issued by Microsoft on Tuesday.
Microsoft, which had initially claimed that the hacks were limited and targeted attacks, declined to comment on the scope of the issue on the last day but revealed that it was collaborating with government agencies and security companies to provide assistance to customers.
The company added, “impacted customers should contact our support teams for additional help and resources”.
One scan of connected devices showed just 10 percent of those exposed had installed the patches by Friday, though the number was growing. Because the patch does not get rid of the back doors, authorities in the United States are struggling to find out how to contact all of the victims and assist them in their hunt.
Users of the web version of Microsoft’s email client Outlook who host the service on their own infrastructure, rather than with cloud providers, seem to be the most affected group.
Microsoft and a person working with the US response blamed the initial wave of attacks on a Chinese government-backed actor. According to a Chinese government spokesperson, the country was not responsible for the intrusions.
What began as a controlled attack against a few classic espionage targets last year developed into a widespread campaign last month. Security pointed out that unless China changed its strategy, a second group may have been involved.
As the code used to take control of the mail servers spreads, further attacks are expected from other hackers.
The government commented that hackers have only used back doors to re-enter and move around the infected networks in a small percentage of cases, perhaps less than 1 in 10.