At Least 30,000 U.S. Organizations Newly Hacked via Holes in Microsoft’s Email Software

Brian Krebs, Krebs on Security:

At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems. […]

In each incident, the intruders have left behind a “web shell,” an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.

Speaking on condition of anonymity, two cybersecurity experts who’ve briefed U.S. national security advisors on the attack told KrebsOnSecurity the Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide — with each victim system representing approximately one organization that uses Exchange to process email.

Microsoft Windows and Exchange have always been insecure, and probably always will be. It’s amazing how many widely-publicized hacks you can ignore if you just never use Windows or use Exchange server software. The massive SolarWinds hack exposed last month only affected organizations running Microsoft’s IT infrastructure too.

Saturday, 6 March 2021