WASHINGTON: More than 20,000 U.S. organizations have been compromised through a back door installed via recently patched flaws in Microsoft Corp's email software, a person familiar with the U.S. government's response said on Friday.
The hacking has already reached more places than all of the tainted code downloaded from SolarWinds Corp, the company at the heart of another massive hacking spree uncovered in December.
The latest hack has left channels for remote access spread among credit unions, town governments and small businesses, according to records from the U.S. investigation.
Tens of thousands of organizations in Asia and Europe are also affected, the records show.
The hacks are continuing despite emergency patches issued by Microsoft on Tuesday.
Microsoft, which had initially said the hacks consisted of "limited and targeted attacks," declined to comment on the scale of the problem on Friday but said it was working with government agencies and security companies to provide help to customers.
It added, "impacted customers should contact our support teams for additional help and resources."
One scan of connected devices showed only 10% of those vulnerable had installed the patches by Friday, though the number was rising.
Because installing the patch does not get rid of the back doors, U.S. officials are racing to figure out how to notify all the victims and guide them in their hunt.
All of those affected appear to run Web versions of email client Outlook and host them on their own machines, instead of relying on cloud providers. That may have spared many of the biggest companies and federal government agencies, the records suggest.
The federal Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
Earlier on Friday, White House press secretary Jen Psaki told reporters that the vulnerabilities found in Microsoft's widely used Exchange servers were "significant," and "could have far-reaching impacts."
"We're concerned that there are a large number of victims," Psaki said.
Microsoft and the person working with the U.S. response blamed the initial wave of attacks on a Chinese government-backed actor. A Chinese government spokesman said the country was not behind the intrusions.
What started as a controlled attack late last year against a few classic espionage targets grew last month to a widespread campaign. Security officials said that implied that unless China had changed tactics, a second group may have become involved.
More attacks are expected from other hackers as the code used to take control of the mail servers spreads.
The hackers have only used the back doors to re-enter and move around the infected networks in a small percentage of cases, probably less than 1 in 10, the person working with the government said.
"A couple hundred guys are exploiting them as fast as they can," stealing data and installing other ways to return later, he said.
The initial avenue of attack was discovered by prominent Taiwanese cyber researcher Cheng-Da Tsai, who said he reported the flaw to Microsoft in January. He said in a blog post that he was investigating whether the information leaked.
He did not respond to requests for further comment.
Reuters
Sat Mar 06 2021
A Microsoft logo is seen on an office building in New York City on July 28, 2015. REUTERS pic