SAN FRANCISCO: At least 30,000 US organizations including local governments have been compromised in recent days by an “unusually aggressive” Chinese cyber espionage campaign, according to a computer security specialist.
Brian Krebs said in a post on his cybersecurity news website that the campaign exploited recently discovered flaws in Microsoft Exchange, stealing email and infecting computer servers with tools that allow attackers to take control remotely.
“This is an active threat,” said White House spokeswoman Jennifer Psaki when asked about the situation during a news conference.
“Everyone operating these servers needs to act now to correct them. We are concerned that there will be a large number of casualties,” she added.
After Microsoft released patches for vulnerabilities on Tuesday, attacks “have escalated dramatically” on servers that have not yet been updated with security fixes, said Krebs, who cited unnamed sources with knowledge of the situation.
“At least 30,000 organizations across the United States – including a large number of small companies, towns, cities and local governments – have been hacked over the past few days by an unusually aggressive Chinese cyber spy unit focused on stealing email from victim organizations,” Krebs wrote in the post.
He reported that insiders said that hackers “took control” of thousands of computer systems around the world using password-protected software tools that infiltrated the systems.
Microsoft said earlier this week that a state-sponsored hacking group operating from China was exploiting previously unknown security flaws in its Exchange email services to steal data from business users.
The company said that the hacking group, which it dubbed “Hafnium”, is “a highly skilled and sophisticated actor”.
Hafnium has in the past targeted US-based companies, including infectious disease researchers, law firms, universities, defense contractors, think tanks, and NGOs.
In a blog post on Tuesday, Microsoft CEO Tom Burt said the company has released updates to fix security flaws, which apply to on-premises versions of the software rather than cloud-based versions, and urged customers to apply them.
“We know that many nation-state actors and criminal groups will move quickly to take advantage of any unprecedented systems,” he added at the time.
Microsoft said that the group was based in China, but it operates through virtual private servers rented in the United States, and that it has informed the US government about it.
Beijing has previously responded to US accusations of state-sponsored internet theft. Last year, it accused Washington of defamation after allegations that Chinese hackers were trying to steal research on the coronavirus.
In January, US intelligence and law enforcement agencies said Russia may have been behind the massive SolarWinds hack that shook government and corporate security, contradicting then-President Donald Trump, who indicated that China could be responsible.
Microsoft said on Tuesday that the Hafnium attacks “were not in any way related to the separate SolarWinds attacks.”