Cybersecurity firm ESET said in a blog post on Wednesday that at least 10 different hacking groups are using a recently discovered flaw in Microsoft Corp’s mail server software to break into targets around the world.
The scale of the exploitation increases the urgency of warnings issued by authorities in the United States and Europe about vulnerabilities in the Microsoft Exchange program.
Security vulnerabilities in the widely used mail and calendar solution left the door open to industrial-scale cyber espionage, allowing malicious actors to steal email messages from vulnerable servers virtually at will.
Reuters reported last week that tens of thousands of organizations have already been compromised, and new victims are reported daily.
Earlier on Wednesday, for example, the Norwegian parliament announced that data had been “extracted” in a breach linked to the Microsoft flaws.
Germany’s cybersecurity watchdog said on Wednesday that two federal authorities were affected by the hack, although it declined to identify them.
While Microsoft has released fixes, many customers have been slow to apply the updates, which experts attribute in part to the complexity of the Exchange architecture. That means the field is still at least partially open to hackers of all stripes.
Microsoft declined to comment on the frequency of customer updates. In previous announcements about the flaws, the company stressed the importance of “promptly correcting all affected systems”.
Although the hacking appears to be focused on cyber espionage, experts are concerned that ransom-seeking cybercriminals may take advantage of the flaws, which could lead to widespread disruption.
The ESET blog post reported that there are already signs of cybercriminal exploitation, with a group that specializes in stealing computer resources to mine cryptocurrencies breaking into previously vulnerable Exchange servers to spread its malware.
ESET identified nine other groups focused on espionage that it said were exploiting the vulnerabilities to break into targeted networks, many of which other researchers have linked to China. Microsoft blamed China for the hack. The Chinese government denies any role.
Interestingly, many of the groups appeared to have known about the vulnerability before Microsoft announced it on March 2.
Ben Reed, a director at cybersecurity company FireEye, said he could not confirm the exact details in the ESET post, but said his company had also seen “multiple potential Chinese groups” exploiting the Microsoft flaws in various waves.
ESET researcher Matthew Fu said in an email that it is “very uncommon” for many different cyber espionage groups to have access to the same information before it is made public.
He speculated that the information was either “leaked in some way” prior to Microsoft’s announcement or was found by a third party that provides information about vulnerabilities to internet spies.