The ‘unusually aggressive’ cyberattack Microsoft accuses China of
A powerful hack into Microsoft’s email service puts tens of thousands of organizations at risk.
And the scale of the breach is only beginning to be measured, according to specialists.
Microsoft claims to have a “high level of confidence” that behind it is a group of attackers sponsored by China, something that Beijing denies.
When the attack was disclosed last week, it was thought to have been limited, but an increase in the use of these tactics has since been reported, perhaps because other hackers are taking advantage of system weaknesses that were made public, according to Gordon Corera, BBC security correspondent.
Joe Tidy, a BBC technology journalist, says that while many may think of this as just another cybersecurity crisis, it is actually an “extremely serious” hack.
Brian Krebs, a computer security specialist, called the attack “unusually aggressive.”
At first it was said that some 30,000 organizations in the United States could have been affected.
Now, however, it is estimated that there could be about 60,000 victims, according to a report by the Bloomberg agency citing an anonymous source from the US government.
Victims have already been reported outside the US.
This Monday, the European Banking Authority confirmed that its mail servers had been compromised as a result of this hack.
The targets of what Microsoft considers an attack may include local governments, small businesses and also large banks.
Microsoft Exchange is an email service widely used by large companies and governments, but so far few organizations have admitted to being the victims of the attack.
Over the weekend, the US authorities warned that this situation still represents an “active threat.”
What is known of the attack?
Since March 2, Microsoft has reported that its systems are under attack.
The attack exploits a Microsoft Exchange vulnerability, or stolen passwords, to impersonate someone with authorized access to the system.
If the attacker manages to get in that way, they can take control of the email account remotely and steal data.
Accusations against China
Microsoft has singled out a group known as Hafnium as being responsible for the attack with the backing of the Chinese government.
China has denied the allegations.
Microsoft spokespersons have said that Hafnium “primarily targets US entities,” stealing information from organizations such as “infectious disease researchers, law firms, educational institutions, defense contractors, public policy think tanks and NGOs.”
The cybersecurity company Huntress, however, says that 300 of its partners who do not meet that profile have been affected.
Among them, it mentions local governments, health centers, banks and electricity companies, but also “less sexy” ones such as an ice cream parlor, small hotels and nursing homes.
Outside the US, the European Banking Authority reported that it had been infiltrated and that the attackers may have had access to personal data.
What is Microsoft doing?
News of the hack prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to publish an emergency directive calling on agencies and departments to take urgent action.
Jake Sullivan, the White House national security adviser, also urged the owners of these systems to download security patches as soon as possible.
Microsoft has not confirmed the number of reported victims, but says it is working closely with the US government.
It told its users that the “best protection” is “to make updates as soon as possible on all impacted systems.”
It also said it was implementing some mitigation techniques designed to help those who cannot update quickly, but cautioned that they are not “a solution if their Exchange servers have already been compromised, nor are they total protection against attacks.”
Microsoft maintains that the attack is in no way related to the SolarWinds attack, which hit US government agencies late last year.
Analysis by Joe Tidy, BBC tech journalist
An unsuspecting reader will be forgiven for considering this to be just another cybersecurity crisis.
After all, the US government is still dealing with the widespread SolarWinds attacks that occurred in December.
But the Microsoft Exchange hack is itself extremely serious for a number of reasons.
The SolarWinds attack was straightforward. It was about Russia stealing US national security intelligence.
In the case of Microsoft Exchange, a Chinese hacking team called Hafnium is blamed, but their motives are less clear.
Some small government agencies may be affected, but the victims here are a much more diverse group of organizations, from large banks to small businesses.
In addition, the number of hackers taking advantage of the new techniques developed by Hafnium appears to be multiplying.
The attacks that have been reported are so numerous that there are already indications that other groups, including cybercriminal gangs, may also be getting involved.
It’s a disaster.
BBC-NEWS-SRC: https://www.bbc.com/mundo/noticias-56299627, IMPORTING DATE: 2021-03-09 02:40:06