World news – Chinese hackers use flaws in Microsoft Exchange Server to steal email

Security researchers reported that in the past few days, at least 30,000 organizations in the US have been hacked by an unusually aggressive Chinese cyber espionage unit that focuses on stealing email. The researchers say many of the affected organizations are small businesses, cities, and local governments. The hackers took advantage of four newly discovered bugs in Microsoft Exchange Server email software.

The hackers have planted tools at hundreds of thousands of victim organizations worldwide that give them complete control over the affected systems. Microsoft is trying to fight the hackers and on March 2nd released emergency security updates that close four security holes in Exchange Server versions 2013 to 2019 that are actively being exploited. In the days following these security patches, security experts say, the Chinese cyber espionage group has stepped up attacks on vulnerable and unpatched Exchange servers around the world.

With each incident, the hackers left a web shell, a user-friendly and password-protected tool that can be accessed from any browser over the Internet. This web shell can give the hackers administrative access to the victim’s computer. The hackers have taken control of hundreds of thousands of Microsoft Exchange servers around the world, according to two unnamed cybersecurity experts who attended briefings with US national security advisors.

The group has targeted email systems in a variety of industries, from infectious disease researchers to law firms, defense companies, and others. The attack was first discovered by a company called Volexity. The company states that even those who patched their Exchange Server on the same day the patches were released are very likely to have a web shell on the server. The researchers say any company running Exchange that hasn’t patched is likely already compromised.

Ref: https://www.slashgear.com
