A Chinese government-linked hacking campaign revealed by Microsoft this week has gained rapid momentum. At least four other separate hacker groups are now exploiting critical flaws in Microsoft’s Exchange email software, in a cyber campaign that the US government describes as “widespread domestic and international exploitation” that could potentially affect hundreds of thousands of victims around the world.
From January 2021, a Chinese hacking group known as Hafnium began exploiting vulnerabilities in Microsoft Exchange servers. But since the company publicly revealed the campaign on Tuesday, four more groups have joined it, and the original Chinese hackers have dropped the pretense of stealth and increased the number of attacks they carry out. The growing list of victims includes tens of thousands of US businesses and government offices targeted by the new groups.
“There are at least five different business groups that appear to be exploiting the vulnerabilities,” says Katie Nickels, who heads an intelligence team at cybersecurity firm Red Canary that investigates the hacks. When tracking cyber threats, intelligence analysts cluster hacking activity based on the specific techniques, tactics, procedures, machines, people, and other characteristics they observe. It is a way of keeping track of the hacking threats they face.
Hafnium is a sophisticated Chinese hacking group with a long history of cyberespionage campaigns against the United States, according to Microsoft. It is an apex predator, exactly the kind that is always closely followed by opportunistic and intelligent scavengers.
Activity quickly shifted into high gear once Microsoft made its announcement on Tuesday. But who exactly these hacking groups are, what they want, and how they are getting into these servers remains unclear. It is possible that the original Hafnium group sold or shared its exploit code, or that other hackers reverse-engineered the exploits from the fixes released by Microsoft, Nickels says.
“The challenge is that it’s all so murky and there’s so much overlap,” says Nickels. “What we’ve seen is that since Microsoft released on Hafnium, it has expanded beyond Hafnium. We have seen activities that appear to be different from the tactics, techniques, and procedures they reported.”