It’s the end of February, and Microsoft engineers have been working for weeks on a number of alarming vulnerabilities in the company’s popular Exchange email software. They were rushing to ship fixes, targeting the second Tuesday in March, a monthly cybersecurity ritual known as “Patch Tuesday.”
The hackers got a head start. After weeks of restrained attacks, Chinese hackers shifted into high gear. The result was a large-scale campaign that engulfed thousands of organizations in a matter of days.
Something went wrong. What is usually a relatively smooth process, the one Microsoft regularly uses to identify and fix vulnerabilities in its popular software, has turned into a global cybersecurity crisis that is now consuming the attention of the White House.
In total, researchers have identified four vulnerabilities and classified them as critical, meaning hackers can use them to steal e-mails and other information unseen.
But on February 26, before the software giant could publish its patches, the attackers began to compromise email systems en masse. “They almost certainly knew they had a window of opportunity,” said Ryan Kalember, executive vice president of cybersecurity strategy at the security company Proofpoint Inc.
Microsoft is currently investigating the possibility of a leak that could have prompted these mass compromises of Exchange servers before its patch release, according to two sources familiar with the company’s response to the attack. The sources, who were not authorized to comment on the matter, said the leak, if it did occur, could have come from one of the company’s security or government partners or from independent researchers. They said the leak could have been malicious or could have been part of a separate security breach.
A Microsoft spokesman declined to comment.
When Microsoft released its patches on March 2, a week before the deadline, it protected some customers, but it also acted as an accelerant for the attack as more hackers piled in. Hackers raced to hit victims before they could close their doors, breaking into banks and governments around the world, as well as schools, hospitals, manufacturers, and regional hotel chains.
The number of cyber-espionage groups attacking Exchange servers has now risen to at least 10, according to a recent blog post by ESET, and the campaign had claimed at least 60,000 victims by the end of last week, according to a former US official. According to security researchers, the number of attackers is sharply higher now that knowledge of the vulnerability has spread widely among criminal hackers.
“The president has been briefed and is following the matter,” a spokesman for the US National Security Council said in an e-mail on Wednesday. “The White House is working around the clock with our public-private partners to keep Congress updated, to assess the impact, and to determine the next steps we need to take.”
Hackers are constantly looking for previously unknown software flaws, known as zero days, because they can be used to steal data from users. The more widely used the software, the more valuable the knowledge of the flaw. Although many governments and large companies have already moved to more modern systems, Microsoft Exchange is still used by tens of thousands of customers.
The company appears to have been aware of the flaws in its Exchange email software since early January. Taiwan-based cyber research firm DEVCORE says it warned Microsoft on January 5. Virginia-based cybersecurity company Volexity and a researcher known for finding such flaws, who goes by the name Orange, say they alerted the company to the zero days from January to early February.
It often takes Microsoft a few weeks to build a more secure version of popular software, and the company works to keep knowledge of the bugs secret during that time.
Several US government agencies are usually notified in advance, including the US National Security Agency and the US Department of Homeland Security, says a former US official familiar with the process. The same is true of 82 cybersecurity companies around the world that receive advance notifications through the Microsoft Active Protections Program, or MAPP.
The reason is simple. When Microsoft releases a patch, hackers all over the world race to identify the underlying vulnerabilities and then try to attack companies that are slow to update their systems. MAPP members include Chinese companies such as Alibaba Group Holding and Baidu, although not every member is told about every zero day. “It isn’t every vendor on every incident,” said Joe Slowik, senior security researcher at the cybersecurity company DomainTools.
About 10 days ago, as Microsoft was preparing to release fixes for its flawed email software, the number of hacked Exchange customers skyrocketed, according to several companies tracking the activity. Since February 28, ESET has observed five new cyber-espionage groups exploiting the Exchange zero days. The groups, nicknamed “Tick”, “LuckyMouse”, “Calypso”, “Websiic” and “Winnti” by security researchers, are in addition to the advanced Chinese hacking group that Microsoft identified as Hafnium, which had been exploiting the flaws for months.
Beijing on March 3 described Microsoft’s accusation of Chinese guilt as “baseless” and called for evidence.
Although ESET did not analyze the origins of the groups, various security researchers have published reports that the five additional groups are also linked to China, for example by assessing that the groups’ hackers speak Chinese or operate from IP addresses based in China.
LuckyMouse used the flaw to break into a government organization in the Middle East, while Calypso used Microsoft Exchange to intrude on government targets in the Middle East and South America. Websiic, in addition to private companies in Asia, targeted a state-owned organization operating in Eastern Europe.
Hackers have also hit private sector companies. Tick compromised the server of an IT company in East Asia, ESET reports. And Winnti used the flaw to hack the email of oil and gas companies and construction equipment companies in East Asia, hitting both targets hours after the patch was released.
The hacking came just months after a large-scale Russian attack was discovered, during which malware was downloaded to the computers of about 18,000 customers of the Texas-based software company SolarWinds.
Cybersecurity experts and former government officials fear that the incidents signal that government hackers are once again launching mass intrusions, leaving havoc in their wake.
Unlike the SolarWinds hackers, who ultimately targeted high-value government and technology networks, the victims of the Microsoft Exchange campaign include very small to medium-sized businesses, as well as local government networks. The two sets of hackers attacked victims across a wide swath of Internet-connected networks, said My Eiger, a former brigadier general in the US Air Force who is now the chief cyber strategist of Arete Advisors.
The identities of most of the victims of the Chinese attack are still unknown. The Norwegian parliament announced that it had been hacked as part of the Microsoft Exchange campaign, and said that significant data had been lost. The European Bank for Reconstruction and Development (EBRD) has said it was also a victim, but has not yet found evidence that the hackers stole secrets.
At the same time, many Microsoft customers remain at risk. Boston-based cybersecurity company BitSight Technologies says online scans this week show that nearly a third of vulnerable Microsoft Exchange customers have not yet patched their systems, despite urgent requests from the FBI and the National Security Agency.
Proofpoint’s Kalember, whose company specializes in email security, said the past few weeks have shown just how serious the consequences of a failed Microsoft patch process can be. “There were some very bad bugs that were supposed to still be a secret inside Microsoft,” he said. “It is clear that they were not.”