Mar 5, 2021 - Technology

30,000 U.S. organizations hacked by Chinese espionage unit

A screen displaying Microsoft's logo in Hong Kong in February 2021. Photo: Chukrut Budrul/SOPA Images/LightRocket via Getty Images

At least 30,000 U.S. victims — including small businesses and local governments — have been hacked by a cyber espionage unit backed by the Chinese government, Krebs on Security reports.

What's happening: Hackers focused on stealing emails from victim organizations by exploiting flaws in Microsoft Exchange Server, software widely used by large companies and organizations to run their own email servers.

Context: Since January, Chinese-backed hackers have used four flaws in Microsoft's software to gain control of the email servers of organizations around the world.

  • Microsoft released emergency security updates for the software on March 2, but the Chinese group has quickly increased attacks on unpatched Exchange servers since the release of the update.
  • Among the U.S. victims are "banks, credit unions, non-profits, telecommunications providers, public utilities and police, fire and rescue units," according to Krebs on Security, which reviewed a list of victims.

The big picture: The attack follows the major SolarWinds breach by Russian-backed hackers that became public in December 2020 and will likely compound pressure on the government and private sector to strengthen cybersecurity measures.

  • The new breach is unrelated to SolarWinds, but it also "may well end up far eclipsing the damage done by the SolarWinds intruder," according to Krebs.

What they're saying: The Biden administration has warned victims of the attack over the last few days.

  • Jen Psaki, White House press secretary, said Friday that the Microsoft breach "is a significant vulnerability that could have far-reaching impacts."
  • National Security Adviser Jake Sullivan said in a tweet on Thursday that the government is "closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities."