30,000 US agencies hacked by Chinese cyber espionage units: Report

The campaign has exploited recently discovered flaws in Microsoft Exchange software, stealing email and infecting computer servers with tools that let attackers take control remotely, Brian Krebs said in a post at his cyber security news website.
"This is an active threat," White House spokeswoman Jennifer Psaki said when asked about the situation during a press briefing. "Everyone running these servers needs to act now to patch them. We are concerned that there are a large number of victims," she added.(AFP)
"This is an active threat," White House spokeswoman Jennifer Psaki said when asked about the situation during a press briefing. "Everyone running these servers needs to act now to patch them. We are concerned that there are a large number of victims," she added.(AFP)
Published on Mar 06, 2021 11:07 AM IST
Copy Link
AFP |

At least 30,000 US organizations including local governments have been hacked in recent days by an "unusually aggressive" Chinese cyber-espionage campaign, according to a computer security specialist.

The campaign has exploited recently discovered flaws in Microsoft Exchange software, stealing email and infecting computer servers with tools that let attackers take control remotely, Brian Krebs said in a post at his cyber security news website.

"This is an active threat," White House spokeswoman Jennifer Psaki said when asked about the situation during a press briefing.

"Everyone running these servers needs to act now to patch them. We are concerned that there are a large number of victims," she added.

After Microsoft released patches for the vulnerabilities on Tuesday, attacks "dramatically stepped up" on servers not yet updated with security fixes, said Krebs, who cited unnamed sources familiar with the situation.

"At least 30,000 organizations across the United States including a significant number of small businesses, towns, cities and local governments -- have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that's focused on stealing email from victim organizations," Krebs wrote in the post.

Also read: US downplays possibility of sharing Covid-19 vaccines with Mexico

He reported that insiders said hackers have "seized control" of thousands of computer systems around the world using password-protected software tools slipped into systems.

Microsoft said early this week that a state-sponsored hacking group operating out of China is exploiting previously unknown security flaws in its Exchange email services to steal data from business users.

The company said the hacking group, which it has named "Hafnium," is a "highly skilled and sophisticated actor."

Hafnium has in the past targeted US-based companies including infectious disease researchers, law firms, universities, defence contractors, think tanks, and NGOs.

In a blog post on Tuesday, Microsoft executive Tom Burt said the company had released updates to fix the security flaws, which apply to on-premises versions of the software rather than cloud-based versions, and urged customers to apply them.

"We know that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems," he added at the time.

Microsoft said the group was based in China but operated through leased virtual private servers in the United States, and that it had briefed the US government.

Beijing has previously hit back at US accusations of state-sponsored cyber theft. Last year it accused Washington of smears following allegations that Chinese hackers were attempting to steal coronavirus research.

In January, US intelligence and law enforcement agencies said Russia was probably behind the massive SolarWinds hack that shook the government and corporate security, contradicting then-president Donald Trump, who had suggested China could be to blame.

Microsoft said Tuesday the Hafnium attacks "were in no way connected to the separate SolarWinds-related attacks."

SHARE THIS ARTICLE ON
Close Story
QUICKREADS

Less time to read?

Try Quickreads

  • In this screen shot from video of her 2016 court appearance, romance writer Nancy Crampton Brophy appears in Multnomah County Circuit Court in Portland.

    She wrote on 'how to murder your husband'. Then her husband was found dead

    A writer who penned a piece titled "How To Murder Your Husband" is on trial in the United States for...killingnovelist Nancy Crampton Brophy'sr husband. Prosecutors say the 71-year-old writer was struggling to make payments on her mortgage, but kept up multiple life assurance policies that would pay out a total of $1.4 million in the event of hDandemise. Daniel Brophy, 63, was found dead that morning by students readying for a class.

  • Right now, about a third of the US population lives in areas that are considered at higher risk — mostly in the Northeast and Midwest.

    Covid-19: A third of US should be considering masks, officials say

    Covid-19 cases are increasing in the United States — and could get even worse over the coming months, federal health officials warned Wednesday in urging areas hardest hit to consider reissuing calls for indoor masking. Increasing numbers of Covid-19 infections and hospitalizations are putting more of the country under guidelines issued by the US Centers for Disease Control and Prevention that call for masking and other infection precautions.

  • A Member of the FBI search for evidence at the scene of a weekend shooting at a Tops supermarket in Buffalo, New York, on May 18, 2022. 

    New York: 911 dispatcher who took Buffalo shooting call put on leave

    A 911 dispatcher has been placed on leave and may lose her job after allegedly hanging up on an supermarket employee hiding during this weekend's shooting rampage in Buffalo, New York. “Termination will be sought” for the dispatcher at a disciplinary hearing later this month, said spokesperson for the executive of Erie County, Peter Anderson, in an email to The Associated Press on Wednesday. Anderson said it's unclear who hung up on whom.

  • An image from April of Sri Lanka Air Force members guarding the Prime Minister's official residence, Temple Trees, amid the country's economic crisis, in Colombo. (REUTERS)

    Sri Lanka economic crisis: CID interrogates 4 MPs over attacks on protesters

    A team of Sri Lanka's Criminal Investigations Department have questioned four Members of Parliament (MPs), including two former ministers, over last week's violence against protesters at two protest sites in Colombo, the country's largest city, local media has reported. According to reports, a CID team arrived at the Parliament Complex on Wednesday to interrogate--with the Speaker's permission--and record the statements of Rohitha Abeygunawardena and CB Ratnayake, both former ministers.

  • An image created during an investigation into an outbreak of monkeypox, which took place in the Democratic Republic of the Congo (DRC), 1996 to 1997, shows the hands of a patient with a rash due to monkeypox.

    US reports 1st monkeypox case of 2022: 10 things to know

    Though this is the first confirmed case in the United States, the US Centers for Disease Control and Prevention is preparing for the possibility of more monkeypox cases. Here are 10 things to know about monkeypox and the 1st case in the United States in 2022 1. The Massachusetts man travelled to Canada at the end of April to meet friends and returned in early May. This is the first case of monkeypox this year.

SHARE
Story Saved
×
Saved Articles
Following
My Reads
Sign out
New Delhi 0C
Thursday, May 19, 2022