Researchers suggest 10+ hacking groups are using Microsoft software flaw


At least 10 different hacking groups are using a recently discovered flaw in Microsoft Corp’s mail server software to break into targets around the world, cybersecurity company ESET said in a blog post.

The breadth of the exploitation adds to the urgency of the warnings being issued by authorities in the US and Europe about the weaknesses found in Microsoft’s Exchange software.

The security holes in the widely used mail and calendaring solution leave the door open to industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are being made public daily.

Earlier on Wednesday, for example, Norway’s parliament announced data had been “extracted” in a breach linked to the Microsoft flaws. Germany’s cybersecurity watchdog agency also said two federal authorities had been affected by the hack, although it declined to identify them.

While Microsoft has issued fixes, the sluggish pace of many customers’ updates – which experts attribute in part to the complexity of Exchange’s architecture – means the field remains at least partially open to hackers of all stripes.


Microsoft did not immediately return a message seeking comment on the pace of customers’ updates. In previous announcements pertaining to the flaws, the company has emphasized the importance of “patching all affected systems immediately.”

Although the hacking has appeared to be focused on cyber espionage, experts are concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.


ESET’s blog post said there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking into previously vulnerable Exchange servers to spread its malicious software.

ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break into targeted networks – several of which other researchers have tied to China. Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on the 2nd of March.

“Multiple likely-China groups”

Ben Read, a manager with cybersecurity company FireEye, said he could not confirm the exact details in the ESET post but said his company had also seen “multiple likely-China groups” using the Microsoft flaws in different waves.


ESET researcher Matthieu Faou said in an email it was “very uncommon” for so many different cyber espionage groups to have access to the same information before it is made public.

He speculated that either the information “somehow leaked” ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.

Initial reporting via our official content partners at Thomson Reuters. Reporting by Raphael Satter and Christopher Bing in Washington. Editing by Matthew Lewis.
