A recent blog post by cybersecurity firm ESET has revealed that at least ten separate hacking groups are using the recently discovered flaws in US-based tech giant Microsoft’s mail server software to break into targets around the world.
The complexity of the attack heightens the urgency of alerts provided by authorities in the United States and Europe about vulnerabilities in Microsoft’s Exchange software.
The commonly used mail and calendaring solution’s security flaws open the door to industrial-scale cyber theft, allowing malicious actors to steal emails from compromised servers at will or move elsewhere in the network. Tens of thousands of organizations have already been hacked, and new victims are being exposed regularly.
Norway’s parliament, for example, revealed earlier on the last day that data had been “extracted” in a breach related to the Microsoft flaws. On Wednesday, Germany’s cybersecurity watchdog agency said the hack had impacted two federal authorities, although it declined to name them.
Although Microsoft has published patches, the slow speed of many customers’ updates, which experts attribute in part to Exchange’s complexity, means that the field is still open to hackers of all forms. The patches do not disable any back door access that has already been left on the computer.
Microsoft declined to comment on the rate at which customers are getting updates. The company has stressed the importance of “patching all affected systems immediately” in prior statements about the bugs.
While it appears that the hacking was targeted at cyber espionage, experts are worried that ransom-seeking cybercriminals could exploit the vulnerabilities, causing widespread disruption.
ESET’s blog post said that there had already been signs of cybercriminal exploitation, with one group specializing in stealing computer resources to mine cryptocurrency breaking into previously insecure Exchange servers to spread its malicious software.
The cybersecurity firm also identified nine other espionage-focused groups that it claimed were exploiting the vulnerabilities to break into targeted networks, some of which have been linked to China by other researchers. China has been blamed by Microsoft for the hack. The Chinese government denies any involvement.
Mr. Ben Read, director of cybersecurity company FireEye Inc, stated that he could not confirm the exact details in the ESET post but said his company had also seen “multiple likely-China groups” using the Microsoft flaws in different waves.
On January 5, Taiwan-based researchers notified Microsoft that they had discovered two new flaws that needed to be patched. The attackers started using those two flaws shortly before or after the friendly post. Since manipulation was discovered in the wild the following week, they said they were looking into whether there had been a theft or leak on their side.
Hackers who are at the top of their game are often attacked by other hackers. Microsoft just fixed one of the bugs used by alleged North Koreans to steal information from Western researchers earlier this week.
However, researchers often make simultaneous observations, in part because they use the same or similar methods to look for significant vulnerabilities, and many eyes are aiming at the same high-value targets.