Chinese cyber-espionage unit in U.S. hacking spree: report

At least 30,000 U.S. organizations including local governments have been hacked in recent times by an "unusually extreme" Chinese cyber-espionage campaign, according to a computer security specialist.

The campaign has exploited recently discovered flaws in Microsoft Exchange software, stealing email and infecting computer servers with tools that let attackers take control remotely, Brian Krebs said in a post at his cyber security news website.

"This is a dynamic threat," White House spokeswoman Jennifer Psaki said when asked about the situation during a press briefing.

"Everyone running these servers needs to act now to patch them. We are concerned that there are a large number of victims," she added.

After Microsoft released patches for the vulnerabilities on Tuesday, attacks "dramatically stepped up" on servers not yet updated with security fixes, explained Krebs, who cited unnamed sources familiar with the situation.

"At least 30,000 organizations over the USA -- including a substantial number of smaller businesses, towns, cities and local governments -- have in the last couple of days been hacked by an unusually aggressive Chinese cyber espionage unit that’s centered on stealing email from victim organizations," Krebs wrote in the post.

He reported that insiders said hackers have "seized control" of a large number of computer systems around the world using password-protected software tools slipped into systems.

Microsoft said early this week that a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal information from business users.

The company said the hacking group, which it has named "Hafnium," is a "very skilled and complex actor."

Hafnium has in the past targeted U.S.-based companies including infectious disease researchers, lawyers, universities, defense contractors, think tanks, and NGOs.

In a blog post on Tuesday, Microsoft executive Tom Burt said the company had released updates to fix the security flaws, which apply to on-premises versions of the software rather than cloud-based versions, and urged customers to apply them.

"We know that lots of nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems," he added at the time.

Microsoft said the group was based in China but operated through leased virtual private servers in the United States, and that it had briefed the U.S. government.

Beijing has previously hit back at U.S. accusations of state-sponsored cyber theft. This past year it accused Washington of smears following allegations that Chinese hackers had been attempting to steal coronavirus research.

In January, U.S. intelligence and law enforcement agencies said Russia was most likely behind the large SolarWinds hack that shook the federal government and corporate security, contradicting then-president Donald Trump, who had suggested China was to blame.

Microsoft said Tuesday the Hafnium attacks "were by no means linked to the separate SolarWinds-related attacks."
Source: japantoday.com