Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims

When the news broke earlier this week that Chinese hackers were actively targeting Microsoft Exchange Server, the cybersecurity community warned that the zero-day vulnerabilities they were exploiting could let them hit countless organizations around the world. Now it has become clear just how many email servers they did hack. From all appearances, the group known as Hafnium hit as many victims as it could find on the global internet, leaving those victims to deal with the aftermath.

According to investigators looking into the hacking campaign who spoke to WIRED, Hafnium has exploited zero-day vulnerabilities in Microsoft’s Exchange Server and its Outlook Web Access to compromise email servers on a mass scale. The intrusion, first spotted by security firm Volexity, began on January 6 and escalated as of last Friday; the hackers responded to Microsoft’s patch, released on Tuesday, by automating their hacking campaign. A security researcher involved in the investigation, who spoke to WIRED on the condition of anonymity, put the number of hacked Exchange servers at over 30,000 in the US alone and hundreds of thousands worldwide, all apparently compromised by the same group. Independent cybersecurity journalist Brian Krebs earlier reported the 30,000 figure on Friday, citing sources who had briefed national security officials.

“It’s huge. Absolutely heavy,” a former national security official with knowledge of the investigation told WIRED. “They are compromising thousands of servers per hour globally.”

At a press conference on Friday afternoon, White House press secretary Jen Psaki warned anyone running an affected Exchange server to immediately apply Microsoft’s patch for the vulnerabilities. Commenting on the vulnerabilities, she said, “We are concerned that there are a large number of victims and are working with our allies.” “Network owners also need to consider whether they have already been compromised and should take appropriate steps immediately.” That advice from the White House echoed a tweet from former Cybersecurity and Infrastructure Security Agency director Chris Krebs on Thursday night, which advised anyone with an exposed Exchange server to assume it is compromised and to initiate incident response measures to remove the hackers’ access.

Affected networks, which appear to consist largely of small and medium-sized organizations rather than large enterprises that use cloud-based email systems, seem to have been hacked indiscriminately through automated scanning. The hackers planted a remotely accessible, web-based backdoor foothold, a “web shell,” on each Exchange server they exploited, allowing them to perform reconnaissance on the target machine and potentially move to other computers on the network.

Steven Adair, founder of Volexity, says this means hundreds of the hacked servers worldwide are likely to be actively targeted by the Chinese hackers. Nevertheless, any organization that does not take pains to remove the hackers’ backdoor remains compromised, and the hackers can return to steal data from its network or cause havoc until the web shell is removed. “By and large, there are a large number of organizations where they are getting an early foothold,” Adair says. “This is a ticking time bomb that can be used against them at any time.”
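The web-shell foothold described above is exactly what the White House and Adair are telling network owners to look for. As an added illustration, not code from the article, from Volexity or from any vendor, the following Python triage heuristic walks a web-content directory and flags files that both read a request parameter and hand data to an execution primitive, limited to files modified inside a chosen time window. The token lists, the 24-hour window, the directory names and the sample files are all constructed assumptions; a real hunt would anchor the window at the suspected intrusion start and pair the file findings with the server’s own request logs.

```python
import os
import re
import tempfile
import time
from dataclasses import dataclass

# Added example, not code from the article or from any vendor. The token lists and
# the sample files below are constructed for illustration only.

# Reads of attacker-controlled request parameters (hypothetical list).
REQUEST_RE = re.compile(r"Request\.Item|Request\.Form|Request\.QueryString|Request\[")
# Code-execution / process-spawning primitives (hypothetical list).
EXEC_RE = re.compile(r"\beval\s*\(|\bExecute\s*\(|ProcessStartInfo|Process\.Start", re.IGNORECASE)
WEB_EXTS = (".aspx", ".ashx", ".asmx")


@dataclass
class Finding:
    path: str
    mtime: float
    request_hit: bool  # file reads a request parameter
    exec_hit: bool     # file uses an execution primitive

    @property
    def suspicious(self) -> bool:
        # Both classes together are the web-shell shape; either alone is common in benign pages.
        return self.request_hit and self.exec_hit


def scan_tree(root: str, cutoff_epoch: float) -> list:
    """Return a Finding for every web file under root modified at or after cutoff_epoch."""
    findings = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            if not name.lower().endswith(WEB_EXTS):
                continue
            path = os.path.join(dirpath, name)
            mtime = os.path.getmtime(path)
            if mtime < cutoff_epoch:
                continue  # unchanged since before the window of interest
            with open(path, "r", encoding="utf-8", errors="replace") as fh:
                text = fh.read()
            findings.append(Finding(path, mtime,
                                    bool(REQUEST_RE.search(text)),
                                    bool(EXEC_RE.search(text))))
    return findings


def suspicious_paths(root: str, cutoff_epoch: float) -> list:
    """Sorted paths of files that carry both token classes and changed inside the window."""
    return sorted(f.path for f in scan_tree(root, cutoff_epoch) if f.suspicious)


def build_sample_tree():
    """Constructed fixture: returns (root, cutoff, expected_suspicious_path)."""
    root = tempfile.mkdtemp(prefix="owa-sample-")
    now = time.time()
    cutoff = now - 24 * 3600  # assumed window: the last 24 hours

    def write(rel, body, mtime=None):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)
        if mtime is not None:
            os.utime(path, (mtime, mtime))
        return path

    # Benign: no execution primitive at all.
    write("owa/logon.aspx", '<%@ Page Language="C#" %>\n<form>Sign in</form>\n')
    # Benign: reads a form field but never executes anything.
    write("owa/search.aspx", '<%@ Page Language="C#" %>\n<% var q = Request.Form["q"]; %>\n')
    # Recently dropped file carrying both token classes. The tokens sit in plain text,
    # outside server tags, so this fixture is a detection marker, not a working shell.
    dropped = write("owa/sub/marker.aspx",
                    '<%@ Page Language="C#" %>\nconstructed marker: eval(Request.Item["k"])\n')
    # Same tokens, but last modified a week before the window: filtered out by the cutoff.
    write("owa/old.aspx", 'constructed marker: Execute(Request["k"])\n',
          mtime=cutoff - 7 * 24 * 3600)
    return root, cutoff, dropped


if __name__ == "__main__":
    root, cutoff, _ = build_sample_tree()
    for f in scan_tree(root, cutoff):
        print(f"{'SUSPICIOUS' if f.suspicious else 'ok':10} {time.ctime(f.mtime)}  {f.path}")
```

The modification-time filter is what keeps the output reviewable on a large web root: it narrows the candidate set to files that changed during the intrusion window, and the two-token rule then separates a dropped backdoor from ordinary pages that read form input. Treat a hit as a lead for incident response, not proof on its own.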

Although the vast majority of the intrusions involve only those web shells, the “astronomical” scale of the global compromises is uniquely disturbing, says a security researcher involved in the investigation who spoke to WIRED. The compromised small to medium-sized organizations include local government agencies, police, hospitals, Covid response, energy, transportation, airports, and prisons. “China just owned the world, or at least everyone with Outlook Web Access,” the researcher said. “The last time someone was so bold as to just hit everyone.”
