A Chinese hacking group has compromised hundreds of thousands of email accounts by exploiting security flaws in Microsoft Exchange Server, according to a report by security news website KrebsOnSecurity. The attack has so far affected at least 60,000 known organisations globally, according to a former senior US official who is aware of the probe.
The Microsoft Exchange Server is an email service used by several organisations and government bodies across the world, including India.
In light of the cyber attack, India’s national cybersecurity agency, Computer Emergency and Response Team (CERT-In) had issued an advisory on March 5. “Multiple vulnerabilities exist in Microsoft Exchange Server because of an untrusted connection with Exchange Server on port 443. A remote attacker could exploit these vulnerabilities by enticing the target user to open a specially crafted file," the CERT-In advisory warned.
Among the global victims of the hack, several of them are reportedly small and medium-sized businesses. Some of the victims identified so far include banks, electricity providers, and senior citizen homes.
US national security officials have been taken by surprise due to the severity of the attack, as the hackers were able to hit multiple victims in a short span of time. The hackers seemed to have automated the entire process in the final phases of the attack, leading to tens of thousands of new victims within a matter of days, as per researchers.
A White House official flagged the incident as an active threat, which is still developing, and urged network operators to take it seriously.
Cybersecurity firm Volexity, had first discovered the attacks, which started as early as January 6, by the Chinese hacking group that Microsoft calls ‘Hafnium’.
Meanwhile, a Chinese foreign ministry spokesperson said that the country, “firmly opposes and combats cyber attacks and cyber theft in all forms" and indicated that blaming a specific country was a “highly sensitive political issue."