The White House fears a significant number of organisations around the world have been compromised through a back door installed via recently patched flaws in Microsoft’s email software, and warns it “could have far-reaching impacts”.
- Microsoft has declined to provide details on the scale of the hack
- All of those affected are thought to have used web versions of the Outlook email client
- White House press secretary Jen Psaki says there are concerns “there are a large number of victims”
The hacking has already reached more places than all of the tainted code downloaded from SolarWinds Corp, the company at the heart of another massive hacking spree uncovered in December.
The latest hack has left channels for remote access spread among credit unions, town governments and small businesses, according to records from a US investigation.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advised organisations using Microsoft Exchange to urgently patch vulnerabilities.
“The ACSC is monitoring the situation and is able to provide assistance and advice as required,” an ACSC alert said.
If successfully exploited, “an unauthenticated attacker” could “write files and execute code”, the alert warned.
Tens of thousands of organisations in Asia and Europe are also affected, the records show.
The hacks are continuing despite emergency patches issued by Microsoft on Tuesday.
Microsoft, which had initially said the hacks consisted of “limited and targeted attacks,” declined to comment on the scale of the problem on Friday but said it was working with government agencies and security companies to provide help to customers.
One scan of connected devices showed only 10 per cent of those vulnerable had installed the patches by Friday, though the number was rising.
Because installing the patch does not get rid of the back doors, US officials are racing to figure out how to notify all the victims and guide them in their hunt.
All of those affected appear to run Web versions of email client Outlook and host them on their own machines, instead of relying on cloud providers.
That may have spared many of the biggest companies and federal government agencies, the records suggest.
The federal Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
More attacks expected as malware spreads
Earlier on Friday, White House press secretary Jen Psaki told reporters that the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant,” and “could have far-reaching impacts”.
“We’re concerned that there are a large number of victims,” Psaki said.
Microsoft has blamed the initial wave of attacks on a Chinese government-backed actor. A Chinese government spokesman said the country was not behind the intrusions.
What started as a controlled attack late last year against a few classic espionage targets grew last month to a widespread campaign.
Security officials said that implied that unless China had changed tactics, a second group may have become involved.
More attacks are expected from other hackers as the code used to take control of the mail servers spreads.
The hackers have only used the back doors to re-enter and move around the infected networks in a small percentage of cases, probably less than 1 in 10, a government workers told Reuters.
“A couple hundred guys are exploiting them as fast as they can,” stealing data and installing other ways to return later, he said.
The initial avenue of attack was discovered by prominent Taiwanese cyber researcher Cheng-Da Tsai, who said he reported the flaw to Microsoft in January.
He said in a blog post that he was investigating whether the information leaked.