Experts brace for wave of hacks tied to Microsoft email vulnerabilities

by Reuters
Friday, 5 March 2021 22:29 GMT

(Adds comment by cybersecurity expert, other details)

By Raphael Satter and Trevor Hunnicutt

WASHINGTON, March 5 (Reuters) - The White House and cybersecurity experts are bracing for a wave of intrusions tied to the Microsoft software vulnerabilities exposed this week, with some warning that other hackers may already have found the flaws used by alleged Chinese spies to penetrate networks across the internet.

On Friday, White House press secretary Jen Psaki warned that the vulnerabilities found in Microsoft Corp's widely used Exchange servers were "significant," and "could have far-reaching impacts."

"We're concerned that there're a large number of victims," Psaki said.

The China-linked hacking activity appears to have been discovered in January. Wielding tools that exploited four previously unknown vulnerabilities, a group that Microsoft dubs "Hafnium" broke into email servers, remotely and silently siphoning information from users' inboxes without having to send a single malicious email or rogue attachment.

Sean Koessel, of Virginia-based cybersecurity firm Volexity, said his firm has caught the hackers using the technique to steal emails from three different U.S. think tanks, which he declined to identify. But while that was consistent with classic digital spy work - it seemed restrained and deliberate - a sudden and dramatic upswing in activity during the final two days of February led him to conclude that other hackers have piled in behind them.

"It really, really accelerated over the weekend," he said. "That's when we saw that other actors were involved."

He said his firm alone is dealing with victims in the "high double digits" of the second wave of hacking. He declined to identify them.

Few other victims of the hackers have been made public so far. Microsoft said this week that Hafnium's targets included infectious disease researchers, law firms, higher-education institutions, defense contractors and nongovernmental groups.

Much of the activity was concentrated in the United States, but victims have popped up around the world.

Norwegian authorities said they had seen "limited" exploitation of the vulnerability in their country. The Prague municipality and the Czech Ministry for Labor and Social Affairs were among those affected, according to a European cyber official briefed on the matter.

The official said the technique's ease of exploitation meant the hackers had effectively been enjoying a "free buffet" since the beginning of the year.

The worry now is that others are joining the feast far faster than the hosts can lock away the food.

Although Microsoft has published fixes for the vulnerabilities and the U.S. government - including National Security Adviser Jake Sullivan - has urged users to update their software, not everyone has done so.

Exchange can be a complicated program, said Koessel, and it is difficult to find down time for servers that run company emails and calendars.

Updating to more secure software "is going to be complicated for certain places," he said. But he said it still needed to be done as soon as possible, especially if yet more hackers begin exploiting it.

"It's one of those vulnerabilities that, once it's out there, it's just epically bad," he said.

(Reporting by Raphael Satter in Washington; Editing by David Gregorio and Matthew Lewis)
