Thousands of U.S. Organizations Attacked in a Chinese Cyber-Espionage Campaign

 

Microsoft Exchange servers have become the latest victim of a Chinese-sponsored cyber-attack. Chinese hackers targeted Microsoft Exchange servers earlier this week by exploiting zero-day vulnerabilities. The vulnerabilities in the servers allowed the hackers to target thousands of organizations around the globe.

According to security experts, the group known as ‘Hafnium’ is responsible for targeting Microsoft’s Exchange servers and exploiting more than tens of thousands of email servers. As per a computer security expert, more than 30,000 US organizations, and hundreds of thousands worldwide, have been targeted in recent days by an unusually aggressive Chinese cyber-espionage campaign.

Hafnium has targeted several US-based organizations in the past, including law firms, universities, infectious disease researchers, defense contractors, think tanks, and NGOs.

Brian Krebs, an independent cybersecurity expert, first reported the 30,000 figure on Friday and posted a note on his website saying that this cyber-espionage campaign has exploited recently discovered flaws in Microsoft Exchange servers, stealing email and corrupting computer servers with tools that allowed threat actors to take control remotely. He reported that insiders said threat actors have ‘seized control’ of thousands of computer systems around the globe using password-protected software tools.

White House spokeswoman Jennifer Psaki stated in a press conference: “We are concerned that there are a large number of victims and are working with our partners to understand the scope of this. Network owners also need to consider whether they have already been compromised and should take appropriate steps.”

Microsoft executive Tom Burt said the company had released updates to patch the security vulnerabilities, which apply to on-premises versions of the software rather than cloud-based versions, and asked customers to apply them. He also highlighted that the threat actors belonged to China but operated through leased virtual private servers in the United States.

“We know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems,” he wrote in his blog post.