Washington: More than 30,000 US organisations, including local governments, have been attacked in recent days in what has been described as an “unusually aggressive” Chinese cyber-espionage campaign allegedly run by Chinese hackers, a computer security specialist said here on Saturday.
The hackers exploited recently disclosed flaws in Microsoft Exchange server software, stealing email and infecting the servers with tools that allowed the attackers to take control of them remotely, Brian Krebs said in a post on his cybersecurity news website.
“This is an active threat,” White House spokeswoman Jennifer Psaki said when asked about the situation during a press briefing, adding that “Everyone running these servers needs to act now to patch them. We are concerned that there are a large number of victims.”
After Microsoft released patches for the vulnerabilities on Tuesday, attacks “dramatically stepped up” on servers not yet updated with security fixes, said Krebs, who cited unnamed sources familiar with the situation.
Microsoft said the hacking group, which it has named “Hafnium,” is a “highly skilled and sophisticated actor”.
Hafnium has targeted US-based companies in the past, including infectious disease researchers, law firms, universities, defence contractors, think-tanks, and NGOs.
“At least 30,000 organisations across the United States – including a significant number of small businesses, towns, cities and local governments – have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations,” Krebs wrote in the post.
He reported that insiders said the hackers have “seized control” of thousands of computer systems around the world by planting password-protected back-door tools on the compromised servers.
The hackers have so far used those back doors to re-enter and move around the infected networks in only a small percentage of cases, probably fewer than one in 10, said a person working with the government on the response.
“A couple hundred guys are exploiting them as fast as they can,” stealing data and installing other ways to return later, he said.
The initial avenue of attack was discovered by prominent Taiwanese security researcher Cheng-Da Tsai, who said he reported the flaw to Microsoft in January. He said in a blog post that he was investigating whether the details of his report had leaked.