
Chinese state-sponsored hacking group behind MS Exchange hack


A sophisticated cyber attack on Microsoft Exchange, Microsoft's widely used business email server software, came to light recently. The attackers are trying to compromise as many systems as they can before organisations manage to secure their servers. Microsoft attributes the campaign to Hafnium, a Chinese state-sponsored hacking group.

The attack has so far claimed at least 60,000 known victims globally, many of them small or medium-sized businesses. Victims identified so far include banks, electricity providers and senior citizens' homes, and the total number is estimated to run into the hundreds of thousands. The European Banking Authority (EBA) is the latest major public body to be compromised, and it has taken all of its email systems offline. Microsoft issued an emergency patch on 2 March 2021, but the patch only closes the entry point: it does not evict attackers from servers that were already compromised, which must still be examined for web shells and other persistence. The EBA says that the attacker may have obtained access to personal data held in emails on its Exchange servers, and it is currently working to identify what, if any, data was accessed. As a precautionary measure, the EBA has decided to keep its email systems offline for the time being.

It has also been reported that Microsoft was warned about the Exchange Server flaws two months before the attacks became public. Cyber security journalist Brian Krebs has compiled a basic timeline of the hack. Krebs' research shows that on 5 January, Microsoft was first notified of two of the four zero-day vulnerabilities by a researcher at security testing firm DevCore. Another cyber security provider, Dubex, reported its incident response findings to Microsoft on 27 January, and on 2 February cyber security solutions provider Volexity reported the same two vulnerabilities to Microsoft. However, Dubex's CTO said that his company "never got a real" confirmation from Microsoft of the zero-day before a patch was released (Microsoft released the emergency patch on 2 March).

The result is a second cybersecurity crisis, coming just months after suspected Russian hackers breached nine US federal agencies and at least 100 companies through tampered updates from IT management software maker SolarWinds. Cybersecurity experts who defend the world's computer systems have expressed a growing sense of frustration and exhaustion.

It was also reported recently that a Chinese state-sponsored hacking group caused the Mumbai blackout.

Update (18.03.2021): According to a report by Check Point Research, a total of 32 Indian organisations were hit by hackers exploiting the Microsoft Exchange Server vulnerabilities. The finance and banking sector was hit worst, with 28% of the attacks; government and military establishments accounted for 16%, manufacturing for 12.5%, and the insurance and legal sectors for 9.5%. All other industries together accounted for 34%.

