Four new hacking groups have joined an ongoing offensive against Microsoft's email servers – MIT Technology Review

Posted: March 9, 2021 at 1:26 pm

A Chinese government-linked hacking campaign revealed by Microsoft this week has ramped up rapidly. At least four other distinct hacking groups are now attacking critical flaws in Microsoft's email software in a cyber campaign the US government describes as "widespread domestic and international exploitation with potential impact on hundreds of thousands of victims worldwide."

Beginning in January 2021, Chinese hackers known as Hafnium began exploiting vulnerabilities in Microsoft Exchange servers. But since the company publicly revealed the campaign on Tuesday, four more groups have joined in, and the original Chinese hackers have dropped the pretense of stealth and increased the number of attacks they're carrying out. The growing list of victims includes tens of thousands of US businesses and government offices targeted by the new groups.

"There are at least five different clusters of activity that appear to be exploiting the vulnerabilities," says Katie Nickels, who leads an intelligence team at the cybersecurity firm Red Canary that is investigating the hacks. When tracking cyberthreats, intelligence analysts group clusters of hacking activity by the specific techniques, tactics, procedures, machines, people, and other characteristics they observe. It's a way to track the hacking threats they face.

Hafnium is a sophisticated Chinese hacking group that has long run cyber-espionage campaigns against the United States, according to Microsoft. They are an apex predator, exactly the sort that is always followed closely by opportunistic and smart scavengers.

Activity quickly kicked into higher gear once Microsoft made its announcement on Tuesday. But exactly who these hacking groups are, what they want, and how they're accessing these servers remain unclear. It's possible that the original Hafnium group sold or shared their exploit code, or that other hackers reverse-engineered the exploits based on the fixes that Microsoft released, Nickels explains.

"The challenge is that this is all so murky and there is so much overlap," Nickels says. "What we've seen is that from when Microsoft published about Hafnium, it's expanded beyond just Hafnium. We've seen activity that looks different from tactics, techniques, and procedures from what they reported on."
