Hacking attack on Microsoft software

At least 30,000 American companies and authorities are apparently affected by a Chinese hacker attack. The Biden administration is alarmed.


A widely used software product from Microsoft has been the target of a hacking attack. It apparently originated in China and hit companies, authorities and other organizations all over the world. There are said to be at least 30,000 affected organizations in the United States alone.

The government is so alarmed that it is now putting together a working group with representatives from the FBI, the federal police, and the cybersecurity agency CISA. White House spokeswoman Jen Psaki said the attack could have “far-reaching consequences” and “cause a large number of casualties.” The attack also hit Germany. The Federal Office for Information Security (BSI) announced via Twitter that tens of thousands of network computers (servers) in Germany are already infected and can be attacked via the Internet. Organizations of all sizes are affected.

“In all likelihood a victim”

The hackers targeted Microsoft’s Exchange email software, the version that companies installed in their own data centers, not the “cloud computing” version that runs on Microsoft’s systems themselves. The company made the attack public last Tuesday, identified Chinese government agencies as the masterminds and gave them the name “Hafnium”.

The attackers exploited security holes to gain access to the Exchange software. They are then said to have created a kind of back door that allowed them to steal data. Microsoft released a security update on the same day.

The dimensions of the attack only became clear a few days later. Renowned security researcher Brian Krebs published an article on his website in which he spoke of more than 30,000 affected organizations in the United States and several hundred thousand victims around the world. Krebs called the attack “unusually aggressive” and spoke of four security holes in the Exchange software that the hackers took advantage of.

Steven Adair, the head of the security specialist Volexity, who helped Microsoft to uncover the attack, told the Bloomberg news agency: “Anyone who runs an Exchange server is in all likelihood a victim.” The update published by Microsoft apparently only partially stops the attackers. Companies whose systems were compromised before they received the update are still vulnerable to data theft.

Representatives of the American government spoke of an “active threat”. Volexity boss Adair said the attack began at the beginning of January; it initially proceeded at a low intensity and targeted individual victims. In the days before Microsoft made the attack public, the hackers rapidly increased the pace and attacked more and more organizations, apparently in an automated process. How much data they have stolen so far is unclear.