Microsoft Claims They Are Under Attack By China

Microsoft was recently the victim of a major hack on their systems, and they now believe that the Chinese government was responsible.

By Doug Norrie | Published


Microsoft is dealing with a big threat right now that has the chance to disrupt not just their company but the very systems our economy and even society are running on. They recently announced a major hack that has caused issues for a huge number of enterprise users. And now they think they know who the culprit is. Apparently, Microsoft and some others are saying that the Chinese government is the sponsor of the larger hack and that it was a state-run operation meant to cripple the company.

Microsoft is saying this latest hack was by a group called Hafnium. This is apparently a collective of hackers working under the same net who are allegedly sponsored by the Chinese government. They used a zero-day attack to enter a number of systems. And based on the speed at which other groups apparently were able to jump on the hacking bandwagon, so to speak, it does appear that a larger group coordinated it. Microsoft, as a company, has been pretty clear about who they think was behind the attack on their systems. They have become concerned that it’s part of a larger effort to compromise United States systems, financial information, and even trade secrets.


The original issue was reported on March 2nd and, for the time being, has been labeled the Microsoft Exchange hack. It targeted the company’s popular email service and allowed access to hundreds of thousands of users’ information located on their email servers. The hackers accessed these servers using a variety of methods, including stolen passwords and credentials, while also masquerading as verified users to gain entry. Because it started on the server level and not within a specific company or entity, the hack was able to affect many more users across a wider spectrum. In all, it is believed that over 60,000 companies and 280,000 total users were compromised in some way.

Microsoft says this hack actually began months ago, maybe as early as January, with the hackers masking their efforts along the way and prying deeper into the base systems that stand up these email servers. Once it was noticed in early March, the company worked on a fix. But thousands had already seen the damage done, with the hackers able to read and search emails in every place they infiltrated. The impact also went beyond the information within the email data, because the credentials acquired in the original attack let the hackers drill deeper into systems.

It was in early March that Microsoft released a number of security patches meant to stop the hackers’ continued access to the email servers, but by that point, the damage was already done. They’d already gone about their business unnoticed for possibly months. How the United States government responds if this was, in fact, a state-sponsored attack by China remains to be seen. In the meantime, the software company is saying that users should always enable two-factor authentication on accounts and allow security updates whenever possible.