(Reuters) – At least ten different hacking groups are using newly discovered flaws in Microsoft Corp's email server software to break into targets around the world, the cyber security company ESET said in a blog post on Wednesday.
The breadth of the exploitation adds urgency to the warnings from US and European authorities about the weaknesses in Microsoft's Exchange software.
The security holes in the commonly used mail and calendar solution leave the door open for industrial-scale cyber espionage, allowing malicious actors to steal emails virtually at will from vulnerable servers or move elsewhere in the network. Tens of thousands of organizations have already been compromised, Reuters reported last week, and new victims are announced daily.
Earlier on Wednesday, for example, the Norwegian parliament announced that data had been "extracted" in a breach linked to the Microsoft flaws. Germany's cyber security watchdog also said on Wednesday that two federal authorities had been affected by the hack, although it declined to identify them.
Although Microsoft has issued corrections, the slow pace of many customer updates
In addition, some of the back doors on compromised machines have passwords that are easy to guess, so that newcomers can take them over.
Microsoft declined to comment on the pace of customer updates. In previous announcements about the flaws, the company has emphasized the importance of "patching all affected systems immediately."
Although the hacking has appeared to be aimed at cyber espionage, experts are concerned about the prospect of cybercriminals taking advantage of the flaws, as that could lead to widespread disruption.
ESET's blog post said there were already signs of cybercriminal exploitation, with one group that specializes in stealing computer resources to mine cryptocurrency breaking into previously exposed Exchange servers to spread its malicious software.
ESET named nine other espionage-focused groups that it said were taking advantage of the flaws to break into targeted networks, several of which other researchers have linked to China. Microsoft has blamed the hack on China. The Chinese government denies any role.
Intriguingly, several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.
Ben Read, head of cyber security firm FireEye Inc., said he could not confirm the exact details of the ESET post but said his company had also seen "several likely China groups" using Microsoft's flaws in various waves.
ESET researcher Matthieu Faou said in an email that it was "very unusual" for so many different cyber espionage groups to have access to the same information before it was published.
He speculated that either the information was "somehow leaked" before the Microsoft release or that it was found by a third party providing vulnerability information to cyber.
Taiwan-based researchers reported to Microsoft on January 5 that they had found two new flaws that needed to be patched. These two were among those that began to be used by the attackers shortly before or after the friendly report.
They said they were investigating whether there had been theft or leakage on their side, as exploitation was discovered in the wild later the same week. So far, the Devcore group has said they have not found any evidence.
Top hackers are also often targeted by other hackers. Just this week, Microsoft patched one of the flaws used by suspected North Koreans in trying to steal information from Western researchers.
But simultaneous discovery occurs quite often, in part because researchers use the same or similar tools to hunt for serious flaws, and many eyes are looking at the same high-value targets.
"It is very likely that some stakeholder groups may have exploited these vulnerabilities and led to the results of the attacks being observed by other information security providers," Devcore member Bowen Hsu told Reuters.
But the security industry has been full of other theories, including a hack of Microsoft's bug tracking system, which has happened in the past.