The hacking has already reached more places than all of the
tainted code downloaded from SolarWinds, the company at the heart of another
massive hacking spree uncovered in December.
The latest hack has left channels for remote access spread
among credit unions, town governments and small businesses, according to
records from the US investigation.
Tens of thousands of organisations in Asia and Europe are
also affected, the records show.
The hacks are continuing despite emergency patches issued by
Microsoft on Tuesday.
Microsoft, which had initially said the hacks consisted of
"limited and targeted attacks," declined to comment on the scale of
the problem on Friday but said it was working with government agencies and
security companies to provide help to customers.
It added, "impacted customers should contact our
support teams for additional help and resources."
One scan of connected devices showed only 10 percent of
those vulnerable had installed the patches by Friday, though the number was
rising.
Because installing the patch does not get rid of the back
doors, US officials are racing to figure out how to notify all the victims and
guide them in their hunt.
All of those affected appear to run Web versions of email
client Outlook and host them on their own machines, instead of relying on cloud
providers. That may have spared many of the biggest companies and federal
government agencies, the records suggest.
The federal Cybersecurity and Infrastructure Security Agency
did not respond to a request for comment.
Earlier on Friday, White House press secretary Jen Psaki
told reporters that the vulnerabilities found in Microsoft's widely used
Exchange servers were "significant," and "could have
far-reaching impacts."
"We're concerned that there are a large number of
victims," Psaki said.
Microsoft and the person working with the US response blamed
the initial wave of attacks on a Chinese government-backed actor. A Chinese
government spokesman said the country was not behind the intrusions.
What started as a controlled attack late last year against a
few classic espionage targets grew last month to a widespread campaign.
Security officials said that implied that unless China had changed tactics, a
second group may have become involved.
More attacks are expected from other hackers as the code
used to take control of the mail servers spreads.
The hackers have only used the back doors to re-enter and
move around the infected networks in a small percentage of cases, probably less
than 1 in 10, the person working with the government said.
"A couple hundred guys are exploiting them as fast as
they can," stealing data and installing other ways to return later, he
said.
The initial avenue of attack was discovered by prominent
Taiwanese cyber researcher Cheng-Da Tsai, who said he reported the flaw to
Microsoft in January. He said in a blog post that he was investigating whether
the information leaked.
He did not respond to requests for further comment.
© Reuters