China-Linked Hack Hits Tens of Thousands of U.S. Microsoft Customers

Wall Street Journal ^ | 03/06/2021 | Robert McMillan and Dustin Volz

[SeekAndFind]

A cyberattack on Microsoft Corp.’s Exchange email software is believed to have infected tens of thousands of businesses, government offices and schools in the U.S., according to people briefed on the matter.

Many of those victims of the attack, which Microsoft has said was carried out by a network of suspected Chinese hackers, appear to be small businesses and state and local governments. Estimates of total world-wide victims were approximate and ranged broadly as of Friday. Tens of thousands of customers appear to have been affected, but that number could be larger, the people said. It could be higher than 250,000, one person said.

While many of those affected likely hold little intelligence value due to the targets of the attack, it is likely to have netted high-value espionage targets as well, one of the people said.

The hackers have been exploiting a series of four flaws in Microsoft’s Exchange software to break into email accounts and read messages without authorization, and to install unauthorized software, the company said. Those flaws are known as zero days among cybersecurity professionals because they relied on previously undisclosed software bugs, suggesting a high degree of sophistication by the hackers.

“It was being used in a really stealthy manner to not raise any alarm bells,” said Steven Adair, founder of the cybersecurity company Volexity Inc., one of the firms that Microsoft credited with reporting the issue.

[AdmSmith]

According to SentinelLabs ThunderCats, from China hacked the FSB and other Russian government organizations, detailed in the May 2021 FSB NKTsKI and Rostelecom-Solar report.

https://labs.sentinelone.com/thundercats-hack-the-fsb-your-taxes-didnt-pay-for-this-op/