Bermuda Post

Saturday, Apr 20, 2024

Microsoft warns multiple groups attacking clients' email servers, not just Chinese hackers

Researchers fear that cyber criminals could exacerbate an initial hacking campaign attributed to a state-sponsored group in China.

Microsoft has warned that "multiple actors" are attacking its clients' email servers following a global hacking campaign which it last week attributed to a China-based state-sponsored group.

Researchers fear the tools used by the initial state-sponsored attackers to access Microsoft Exchange servers could now be exploited by criminals, with calls growing for President Biden to urgently raise the issue with Beijing.

The Chinese state-sponsored campaign is believed to have indiscriminately compromised tens of thousands of on-premise email servers worldwide with an intention to subsequently target specific victims.

Calls are growing for President Joe Biden to intervene.


Last week government security authorities amplified Microsoft's urgent call for customers running on-premise Exchange servers to apply the patch, and the company is now warning that there are multiple groups taking advantage of unpatched systems.

Microsoft initially warned that the state-sponsored group "primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs".

Microsoft said that after compromising email servers belonging to these organisations, the attackers created web shells - interfaces which allow them to remotely access the compromised network even after the original vulnerabilities were patched. This persistent access is provoking additional concern.

Because the campaign was so broad, not all of the compromised servers are operated by organisations that would typically be of interest to cyber spies.

But experts are concerned that if criminals were to piggyback on those spies' access then they could cause significant collateral damage.

Dmitri Alperovitch, the co-founder and former chief technology officer of cyber security firm Crowdstrike, warned that financially-motivated criminals could access these webshells and potentially deploy ransomware.


"Because this campaign is still ongoing - Chinese have webshells on tens of thousands of networks - the response must demand immediate shutdown of those implants to limit damage, not just signal our displeasure with the fact that it had occurred. Needs to happen now," he added.

The UK's National Cyber Security Centre said it is working to establish the extent of the campaign's impact on the country.

One cyber security professional told Sky News their business had seen a number of clients in the UK compromised by the campaign, many of whom they would not have expected to be a typical target for Beijing, suggesting the attackers would have a subsequent triage stage to select specific victims.

The Washington Post reported that the "indiscriminate nature" of the campaign has caused concern among officials, and that the Biden administration was moving to address the incident - although no actions have yet been announced.
