According to ESET researchers, an extraordinary number of people knew of an Exchange Server flaw, and the attacks could have been successful against many government systems around the world.
According to a report published on Wednesday on the ESET WeLiveSecurity blog, at least 10 groups of hackers were aware of and exploited a previously unknown security vulnerability in Exchange Server, which security researchers in Taiwan first reported to Microsoft in early January and for which the software company released unusual fixes in early March. Initial information indicated that the vulnerability was being exploited by a Chinese group that carried out a limited number of targeted attacks, but since then reports of new incidents have emerged daily, highlighting an increasingly widespread and dangerous situation.
The US government agency responsible for cyber defense issued a special warning the following day, urging potentially affected organizations to fix the bugs and take immediate action, as installing patches alone will not solve problems with systems that have already been compromised. Vulnerabilities affecting multiple versions of Microsoft's popular mail service have already affected tens of thousands of organizations around the world, according to reports last week, but the scale could grow as it becomes clear that it is by no means only US organizations that have fallen victim to the attacks.
According to the latest news, the attacks also affected the computer infrastructure of the Norwegian Parliament, from which hackers obtained data, and Germany's cybersecurity authority said on Wednesday that as many as 60,000 systems could be affected in the country, 25,000 of which had, according to yesterday's data, not yet been updated or verified. Meanwhile, the European Banking Authority (EBA) has also disclosed a cyber attack based on the vulnerabilities in Exchange Server, but it is not yet known whether the attackers were able to obtain any data.
Not just correspondence is at stake
Although Microsoft first identified Hafnium, a group with a Chinese government background, as the perpetrator of attacks on high-end devices, ESET has since said that nine other groups have also been identified, which clearly tried to exploit this flaw to break into selected systems. According to the company's researchers, it is quite unusual for so many to have access to the relevant information about vulnerabilities before they are announced, which may be explained by the details having either leaked before Microsoft announced them or simply been sold to cybercriminals by a third party.
Although ESET can only guess at the moment, researchers point out that the critical bugs reported to Microsoft on January 5 were also being exploited by hacker groups at around the same time. The blog post reveals there are already signs of activity that goes beyond cyber espionage and obtaining emails, such as installing cryptocurrency-mining malware. It could be even more dangerous if criminals running extortion programs discover the Exchange Server vulnerabilities and the backdoors, as such attacks could very easily cause widespread disruption because of the wide range of those affected.