Just a few months after news broke of the SolarWinds hack, we have another massive, state-sponsored attack on our hands.
Multiple weak points in Microsoft’s Exchange Server software have led to tens of thousands of US government and commercial organizations having their emails hacked, according to a string of escalating reports over the weekend.
Here’s What We Know
The Gory Details: Microsoft said it can identify the perpetrator with “high confidence” as an outfit called “Hafnium,” a state-sponsored Chinese hacking group. According to reports, hackers had uninterrupted access for nearly two months.
The president of cybersecurity firm Volexity said, “If you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”
- Estimates of the number of worldwide victims ranged from a few thousand to more than 250,000, according to some insiders.
- Hackers reportedly used a “shotgun” approach to infect as many servers as possible — everyone from large government agencies to local ice cream shops.
According to Microsoft, the hackers were also likely able to install malware that will allow them to gain access at a later date, compounding the difficulty of cleaning up the breach.
Why It Matters: In an increasingly digitized world reliant on intellectual property and data, the fallout of successful hacking events continues to grow.
According to Dutch newspaper De Volkskrant, Russian intelligence agencies and Chinese spies were behind the cyberattacks on the European Medicines Agency, which exposed information relating to coronavirus vaccines and treatments. Russian intruders reportedly had access for over a month, with high interest in “the destinations and purchase sizes for the Pfizer/BioNTech vaccine.”