Hackers use Microsoft to hack

Microsoft hack: Many German companies could be affected

Estimates of the number of possible victims of an attack on Microsoft email software vary, yet they reveal its global significance. The Wall Street Journal speaks of 250,000 victims worldwide. According to the financial service Bloomberg, a former US official familiar with the investigation said at least 60,000 e-mail servers were known to have been affected.

How could that happen?

Cybersecurity expert Brian Krebs wrote on his website on Friday that the attackers had exploited a security hole in the Exchange email service of the software company Microsoft, stolen emails and infected computers with programs that would allow remote control.

White House spokeswoman Jennifer Psaki spoke of a "current threat". "Everyone who uses these servers must act now," said Psaki, advising users to install an available security update as soon as possible. "We fear that there will be a large number of victims."

The Microsoft vulnerability became known days ago. According to Microsoft, Exchange Server versions 2013, 2016 and 2019 are affected. The vulnerabilities did not exist in cloud versions of Microsoft's e-mail service.

A security update for the Exchange Server vulnerability has been available since last week. However, it must first be installed by customers themselves. On Friday, the German Federal Office for Information Security (BSI) warned around 9,000 companies to close the gap quickly. "The actual number of vulnerable systems in Germany is likely to be significantly higher," warned the authority, which is responsible for IT security for the federal government, among other things.

"In an international comparison, German companies are particularly hard hit by this Microsoft Exchange gap," said Rüdiger Trost from the IT security company F-Secure on Sunday. "The reason: German companies fear the cloud and therefore often operate services such as Exchange locally." It is now a race against time.

Attackers from China

The hacker group called "Hafnium" by Microsoft is, according to the company, a "very accomplished and highly developed player". In the past, according to Microsoft, Hafnium primarily targeted organizations and institutions in the United States. According to the company, those affected were "research institutions for infectious diseases, law firms, universities, defense companies, political think tanks and non-governmental organizations". The group is based in China, but operates mainly through rented virtual private servers in the USA.

The attackers initially selected a few targets, but in the end they switched to automatically adding back doors to tens of thousands of e-mail servers every day, the head of the IT security company Volexity, Steven Adair, told Bloomberg.

The IT expert Krebs writes that the number of attacks "increased dramatically" after Microsoft's security update. "At least 30,000 organizations in the United States, including a significant number of small businesses, city and regional governments, have been attacked in the past few days by an unusually aggressive Chinese cyber espionage unit focused on email theft."

Rüdiger Trost from the IT security company F-Secure assumes that the attackers are now overwhelmed because they cannot immediately exploit all open networks. They are therefore installing back doors for later use. "So we will see a lot of data leaks and extortions due to this Exchange gap in the coming months," said Trost.

nm / hb (dpa, afp)