KrebsOnSecurity has reported that an estimated 30,000 U.S. companies, small businesses, and government offices were hacked over several days in early March by an "unusually aggressive Chinese cyber espionage unit."
The goal of the cyber espionage unit, which Microsoft calls "Hafnium", was to steal emails from its victims. KrebsOnSecurity stated that sources familiar with the hack said the cybercriminals exploited four flaws in Microsoft's Exchange server email software. These flaws allegedly gave Hafnium full remote control over the systems they hacked.
According to the White House press secretary, "significant" weaknesses were found in Microsoft's Exchange servers.
The cybercriminals left a hacking tool called a "web shell" on each system that they infiltrated. The tool is protected by an easy password and can be accessed from any internet browser, according to KrebsOnSecurity. It gives the hackers administrative access to the targeted computer servers.
In early March, Microsoft released a security update to patch the 2013 to 2019 versions of Exchange. It also notified U.S. government agencies of the breach. The Prague municipality and the Czech Ministry for Labor and Social Affairs were also allegedly impacted by the cyberattack.
This is the eighth time in 12 months that Microsoft has reported state-sponsored cyberattacks.
A spokesperson for the Chinese Foreign Ministry responded to Microsoft's accusations by stating that there is not enough evidence to determine the origin of the cyberattack.
Exchange is used by companies, infectious disease researchers, defense contractors, law firms, non-governmental organizations, and universities, according to Microsoft.
Fatma Khaled, "At least 30,000 US organizations, small businesses and government offices were victims of Microsoft Exchange hack: Krebs," msn.com (Mar. 06, 2021).