At least ten hacking groups, some linked to China, are using flaws in Microsoft mail to break servers, with tens of thousands of organisations already compromised
- Security researchers have found holes in Microsoft’s mail and calendar system
- This could allow hackers to steal emails from anyone with ease, experts fear
- Warnings have been issued by authorities in US and Europe about the flaws
At least 10 hacking groups are using a flaw in Microsoft’s email software to break in to targets around the world, cybersecurity experts claim.
The security holes in the tech company’s mail and calendars system could make it vulnerable to industrial-scale cyber espionage, with some hackers linked to China.
This could allow hackers to steal emails from anyone with ease, the researchers at ESET found.
At least 10 hacking groups are using a flaw in Microsoft’s email software to break in to targets around the world, cybersecurity experts claim
Warnings have been issued by authorities in the US and Europe about the weaknesses found in Microsoft’s Exchange software
Tens of thousands of organisations have already been compromised, Reuters reported last week.
While Microsoft has issued fixes, the sluggish pace of many customers’ updates means it remains open to hackers.
Experts are particularly concerned about the prospect of ransom-seeking cybercriminals taking advantage of the flaws because it could lead to widespread disruption.
Slovakia-based ESET said in a blog post issued on Wednesday there were already signs of cybercriminal exploitation.
One group that specializes in stealing computer resources can mine cryptocurrency breaking in to vulnerable servers to spread its malicious software.
Several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2
ESET named nine other espionage-focused groups it said were taking advantage of the flaws to break in to targeted networks – several of which other researchers have tied to China.
Several of the groups appeared to know about the vulnerability before it was announced by Microsoft on March 2.
ESET researcher Matthieu Faou said in an email it was ‘very uncommon’ for so many different cyber espionage groups to have access to the same information before it is made public.
He speculated that either the information ‘somehow leaked’ ahead of the Microsoft announcement or it was found by a third party that supplies vulnerability information to cyber spies.
Source: Read Full Article