At Least 30,000 U.S. Organizations Compromised Through Microsoft Exploit

At least 30,000 U.S. governmental and commercial organizations have been hacked via a recently discovered Microsoft Exchange Server exploit. One source told the Wall Street Journal that the actual number of organizations impacted could reach 250,000. Cybersecurity experts believe the hackers had access to Microsoft customers’ systems for about two months before the tech giant patched the problem.

Breitbart News recently reported that tech giant Microsoft recently warned customers that it believes a Chinese-stated backed hacking group, referred to as Hafnium, has used four previously undisclosed security flaws in Microsoft’s Exchange Server enterprise email product in an attempt to steal private information.

Microsoft stated that the group exploited the software in an attempt to steal information from a number of U.S.-based organizations including law firms and defense contractors but also appeared to target infectious disease researchers and policy think tanks.

According to Microsoft, Hafnium used four newly discovered security vulnerabilities to hack into Exchange email servers running on company networks, giving the hackers the ability to steal information from a victim’s organization.

Now, a recent report by KrebsOnSecurity, founded by Brian Krebs, a cybersecurity expert and former Washington Post reporter, claims that over 30,000 U.S. governmental and commercial organizations have had their emails hacked. Wired is also reporting that “tens of thousands of email servers” have been compromised.

The Wall Street Journal reports that sources claim the number of impacted organizations could be much higher, as high as 250,000 governmental organizations and business.

Many of those victims of the attack, which Microsoft has said was carried out by a network of suspected Chinese hackers, appear to be small businesses and state and local governments. Estimates of total world-wide victims were approximate and ranged broadly as of Friday. Tens of thousands of customers appear to have been affected, but that number could be larger, the people said. It could be higher than 250,000, one person said.

While many of those affected likely hold little intelligence value due to the targets of the attack, it is likely to have netted high-value espionage targets as well, one of the people said.

Microsoft claims that it has since patched the exploits but experts told Krebs that the detection and cleanup process will be a huge effort for the thousands of state and city governments, school districts, financial institutions, fire and police departments, and other organizations.

According to KrebsOnSecurity, the attack began on January 6 but ramped up in late February. Microsoft released patches on March 2 which means that hackers had nearly two months to gain access to email servers.

Steven Adair, the founder and President of Volexity the cybersecurity firm which discovered the attack, told Krebs that “if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”

A Microsoft spokesperson said that the tech giant is “working closely with the [Cybersecurity and Infrastructure Security Agency], other government agencies, and security companies, to ensure we are providing the best possible guidance and mitigation for our customers.” The company added that “[t]he best protection is to apply updates as soon as possible across all impacted systems.”