- Microsoft Email Vulnerability found, Over 20,000 U.S. institutions have been hacked. This Friday, a person familiar with the matter said. That vulnerability in Microsoft Corp.'s email software was hacked and more than 20,000 US institutions were disbanded.
- Records show that thousands of organizations in Asia and Europe have also been affected.
- The scope of the hacking attack exceeds all the tainted code previously downloaded from SolarWind Corp. Which was the main target of another large-scale hacking attack revealed in December last year.
Microsoft Email Vulnerability found, Over 20,000 U.S. institutions have been hacked. This Friday, a person familiar with the matter said. That vulnerability in Microsoft Corp.’s email software was hacked and more than 20,000 US institutions were disbanded.
More than 20,000 US organizations have been compromised through a backdoor installed through recent patch flaws in Microsoft’s email software. A person familiar with the US government’s response said on Friday.
The scope of the hacking attack exceeds all the tainted code previously downloaded from SolarWind Corp. Which was the main target of another large-scale hacking attack revealed in December last year.
US investigative records show that the latest hacking has allowed credit unions, township governments and small businesses to access remote access channels.
Records show that thousands of organizations in Asia and Europe have also been affected.
Although Microsoft released an emergency patch on Tuesday, hacking attacks continue.
Microsoft initially stated that hacking was a “limited and targeted attack”. But Friday declined to comment on the scale of the problem. However, Microsoft also said that it is helping customers in collaboration with government agencies and security companies.
In addition, Microsoft stated, “Affected customers should contact our support team for additional support and resources.”
A scan of the connected devices is revealed. That as of this Friday, only 10% of vulnerable devices had patches installed, but that number is still increasing.
Because the vulnerability cannot be completely eliminated by installing the patch. American officials are working hard to study this. How to inform all victims and guide them to chase hackers.
All affected companies appear to run web versions of email client Outlook on their machines rather than relying on cloud providers. Records show that many large companies and federal government agencies could be saved later.
The Federal Cyberspace and Infrastructure Security Agency (Federal Cybersecurity and Infrastructure Security Agency) did not respond to a request for comment.
On this Friday, White House press secretary Jane Saki has told reporters. That the vulnerabilities currently found in Microsoft’s widely used Exchange Server are “significant” and “could have a profound impact.”
Sasaki said: “We are concerned that the team of victims is too large.”
Microsoft and those involved in the US response have attributed the first wave of hacking to an actor with a background in the Chinese government. But a spokesman for the Chinese government said that China was not behind the hacking incident.
A controlled attack on a number of specific espionage targets that began late last year has developed into a massive operation last month. Security officials said that means. Until China changes its strategy. By then another organization may have already joined.
As the code used to control the mail server continues to spread. It is therefore expected that other hackers will carry out more attacks in the future.
Government officials said that at present, hackers are only using loopholes to re-enter and transfer infected networks. Which is only a small percentage, probably less than one-tenth.
He said: “Hundreds of people are currently using them as quickly as possible. Stealing data, and setting up other ways to return later.”
The original attack vector was discovered by a well-known Internet researcher Cheng-da Tsai in Taiwan, China. Cai said he reported the vulnerability to Microsoft in January this year. He said in a blog post that he is investigating whether the information has been leaked.
He did not respond to requests for further comment.