Microsoft Corporation has been hit with a sophisticated cyberattack, which is expected to morph into a global cyber crisis as it affects small businesses and financial institutions alike. Microsoft believes that a Chinese-government-backed hacker group is behind the attack. The threat actors would exploit business email software to infect as many users as possible before firms could secure their systems.
The European Banking Authority, one of the first known victims, said last Sunday that personal data stored on its Microsoft server is likely compromised. Banks, electricity providers, senior citizen homes, and many other organizations were also affected. An undisclosed US cyber tech company is said to be working with at least 50 victims, trying to determine what data has been stolen.
The hacking group, which Microsoft calls Hafnium, appears to be targeting private and government computer networks through Microsoft’s Exchange email software. The attackers initially targeted high-value intelligence targets in the US but changed their tactics a week ago when they started hitting thousands of victims over a short period, inserting software that could give them access later.
The initial infections appear to have been the result of automated scanning and malware installation, experts explain. However, investigators have yet to determine the attackers’ next steps.
“If you are running an Exchange server, you most likely are a victim,” said Steven Adair, head of cyber intelligence company Volexity. The expert explained that the attackers were doing mass exploitation, not discriminating between industries, server purposes, or server sizes. The attackers likely planned to compromise as many machines as possible, and then determine the value of the exfiltrated data.
The White House Will Fight Back
With this attack coming only months after the SolarWinds breach, which was allegedly carried out by a Russian attack group, Washington is preparing its answer to foreign cyberattacks. News outlets report talks about a series of clandestine actions across Russian networks, as well as economic sanctions. President Joe Biden is expected to shore up federal agencies against Russian hacking.
“We are undertaking a whole of government response to assess and address the impact. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to agencies and we’re now working with our partners and looking closely at the next steps we need to take,” a White House official said.
Both the most recent attacks and the SolarWinds breach take advantage of hard-to-find vulnerabilities to breach the systems. These complex cyberattacks initially hit a wide range of computers, but later narrow to more targeted operations as attackers focus their efforts.
Cybersecurity experts explain that affected organizations could take weeks or months to recover their systems. While Microsoft provides bug fixes, these updates are not sufficient to remove attackers who are already inside a network. The White House emphasized that victims should review the affected networks, carefully combing through their computers for signs of the attackers.