Hackers are invading Microsoft Exchange



Those Microsoft Exchange security flaws that you may have heard of are really getting hit. If ever there was a time for cybersecurity reporters to spout metaphors that included phrases like “blood in water” and “deranged piranha swarm,” it could be now.

At least 10 separate advanced persistent threat actors (a fancy term for well-organized hacker groups) are targeting the email product's vulnerabilities, according to a recent report from the security company ESET. This is contrary to what Microsoft initially said, which is that the flaws were being targeted primarily by one group, a “state-sponsored” threat actor located in China that it calls “HAFNIUM.”

Instead, ESET reports that Exchange is basically being looted by about a dozen different groups, all of which have names that sound like bad gamertags, including Tick, LuckyMouse, Calypso, Websiic, Winnti, TontoTeam, Mikroceen, and DLTMiner. Apparently there are also two other groups of hackers that have yet to be identified. So yeah, it’s a pretty big mess.

Hacking also appears to have picked up directly after Microsoft released its patches, as ESET’s report states that “the day after the patch was released” security researchers “began to see many more threat actors (including Tonto Team and Mikroceen) scanning and compromising Exchange servers en masse.”

In a new report, DomainTools security researchers have also grown cold on the idea that “HAFNIUM” is actually a hacking group associated with the Chinese government. So besides everything else, it’s not even clear who or what “HAFNIUM” is:

“While that link [to the PRC] is certainly possible and has not been ruled out, at the time of writing no conclusive evidence has emerged linking HAFNIUM’s operations with the People’s Republic of China (PRC). And HAFNIUM is also far from the only entity evaluated to attack this vulnerability.”

Who is being targeted? According to a warning from the FBI released Wednesday, it appears the answer is: virtually everyone.

Threat actors have targeted local governments, academic institutions, non-governmental organizations, and commercial entities in multiple industrial sectors, including agriculture, biotechnology, aerospace, defense, legal services, energy utilities, and pharmaceuticals.

While the entities in the U.S. said to be affected number 30,000 or more, so far there has been a slow trickle of disclosures, although local governments and small businesses are believed to be some of the most attacked. On Wednesday, US officials said that, as of yet, there is no evidence that federal executive agencies have been compromised by the attacks.
