News   /   Society   /   Business

At least 10 hacking groups using Microsoft software flaw: Report

US Rep. Ilhan Omar (D-MN) (L) talks with Speaker of the House Nancy Pelosi (D-CA) during a rally with fellow Democrats before voting on H.R. 1, or the People Act, on the East Steps of the US Capitol on March 08, 2019 in Washington, DC. (AFP photo)
Silhouettes of laptop and mobile device users are seen next to a screen projection of Microsoft logo in this picture illustration taken March 28, 2018. (Reuters photo)

At least 10 hacking groups are using flaws in Microsoft Corp.’s mail server software to break in to targets around the globe, cybersecurity company ESET has warned.

On March 2, Microsoft said there were vulnerabilities in its Exchange Server mail and calendar software for corporate and government data centers. Tens of thousands of organizations have been compromised so far.

The recently discovered flaws enable hackers to conduct industrial-scale cyber espionage and steal emails virtually at will from vulnerable servers or move elsewhere in the network.

In a blog post on Wednesday, ESET said there were already signs of cybercriminal exploitation, noting a group, which specializes in stealing computer resources to mine cryptocurrency, is breaking in to previously susceptible Exchange servers to spread its malicious software.

Nine other espionage-focused groups, the company said, were abusing the flaws to break in to targeted networks, several of which have been tied to China. Beijing, however, denies any role.

Authorities in the United States and Europe have, in the meantime, issued warnings about the weaknesses found in the software as new victims are being made public daily.

Norway’s parliament, for instance, announced Wednesday that data had been “extracted” in a breach made possible because of the Microsoft flaws.

In Germany, the country’s cybersecurity watchdog agency also said on Wednesday two federal authorities had been targeted.

Microsoft has issued security patches, but due to the slow pace of many customers’ updates - which experts attribute in part to the complexity of Exchange’s architecture - the field remains at least partially open to hackers of all types.

The hack will probably mark one of the top cybersecurity events of the year since Exchange is still widely used around the world.

Last week, the US Cybersecurity and Infrastructure Security Agency (CISA) warned that the flaws could "enable an attacker to gain control of an entire enterprise network."

Meanwhile, the administration of US President Joe Biden is expected to form a task force comprised of multiple agencies — including the National Security Council, FBI, CISA and others — to resolve the issue.

"This has the potential to simultaneously affect organizations that are critical to everyday life in the US," a source familiar with the US government investigation into the attack told CNN.

Press TV’s website can also be accessed at the following alternate addresses:

Press TV News Roku