A carefully planned attack on Microsoft Corp.’s widely used business email software is turning into a global cybersecurity crisis, as hackers race to infect as many victims as possible before companies can secure their computer systems.
The attack, which Microsoft attributes to a Chinese government-backed hacking group, has so far claimed at least 60,000 known victims globally, according to a former senior US official who is aware of the attack. Many of them were small or medium-sized businesses caught in a wide net the attackers cast as Microsoft worked towards shutting down the hack.
Victims identified so far include banks and electricity providers, as well as senior citizen homes and an ice cream company, according to Huntress, an Ellicott City, Maryland-based firm that monitors the security of its customers.
One American cybersecurity company, which was not named, said its experts alone were working with at least 50 victims, trying to determine what data the hackers took while also trying to eject them. The fast-growing attack has raised concern among US national security officials, as the hackers were able to hit victims so quickly.
A White House official wrote in an email on Saturday, “We are giving an in-depth government response to assess the impact and address it. It is an active threat still developing, and we request network operators to take it very seriously.”
The Chinese hacking group, which Microsoft calls Hafnium, appears to have been breaching private and government computer networks for many months through the company’s popular Exchange email software. Initially, according to Steven Adair, only a small number of victims were targeted. Northern Virginia-based Volexity, a cybersecurity company, helped Microsoft identify the flaws that the hackers were using. Microsoft released a fix for the flaws on Tuesday.
This is the second cybersecurity crisis in the past few months, coming after suspected Russian hackers breached nine federal agencies and at least 100 companies through a tampered update from IT management software maker SolarWinds LLC. Cybersecurity experts who protect the world’s computer systems express a growing sense of frustration and exhaustion.
“The good guys are getting tired,” said Charles Carmakal, a senior vice president at FireEye Inc., the Milpitas, California-based cybersecurity company.
Both the recent incident and the SolarWinds attack show the fragility of modern networks and the diligence of state-sponsored hackers in finding hard-to-find vulnerabilities and using them to spy. They also involve complex cyberattacks, with an initial blast radius of a large number of computers that then narrows as attackers focus their efforts, and they can take affected organizations weeks or months to resolve.
In the case of the Microsoft bugs, applying the updates provided by the company does not remove attackers from a network. Carmakal said that affected systems need to be reviewed. The White House stressed the same point, including in a tweet from the National Security Council urging a growing list of victims to carefully comb through their computers for signs of attackers. At first, the Chinese hackers appeared to target high-value intelligence targets in the US. About a week ago, Adair said, everything changed. He said that other unknown hacking groups started hitting thousands of victims in a short period of time, planting hidden software that could give them access later.
“They moved into the city and started exploiting extensively – not in relation to purpose or size or industry, indiscriminate attacks that compromised Exchange servers around the world,” Adair said. “They were killing any and every server they could.”
Adair said that either other hacking groups found similar flaws and launched their own attacks, or China wanted to capture as many victims as possible and then sort out which of them had intelligence value.