Microsoft flaw: 30,000 American organizations victims of Chinese hackers - France 24

San Francisco (AFP)

Tens of thousands of businesses, cities and local institutions in the United States have been attacked by a group of state-backed hackers, according to a cybersecurity specialist who gave details on Friday of a hack. Microsoft Mail.

"At least 30,000 organizations (...) have been hacked in recent days by an unusually aggressive Chinese cyber espionage unit, which focuses on email theft, according to multiple sources," Brian Krebs said on his report. KrebsonSecurity blog.

Microsoft warned Tuesday that hackers in the so-called "Hafnium" group were exploiting security holes in its Exchange messaging services to steal data from business users.

This "highly qualified and sophisticated player", according to the computer giant, has in the past already targeted companies in the United States, particularly in the field of research on infectious diseases, law firms, universities , defense companies, think tanks and NGOs.

"The threat is active," said Jen Psaki, spokeswoman for the White House, during a press briefing on Friday.

The attack "could have a very widespread impact", she added, before calling on communities "which use these servers to act now to protect themselves".

Microsoft chief Tom Burt on Tuesday said his company had released updates to fix the flaws, and urged customers to apply them.

"We know that many state actors and criminal groups will act quickly to take advantage of any unpatched system," he warned.

"Applying patches quickly is the best protection against this attack."

According to Microsoft, Hafnium is based in China but operates through virtual private servers leased in the United States.

Beijing last year accused Washington of defamation over allegations that Chinese hackers were trying to steal research on the coronavirus.

In January, the American authorities had designated Russia as the main suspect of the massive hacking against the company SolarWinds, thus contradicting the former president Donald Trump who had accused China of being at the origin of this intrusion in the software from the US government and thousands of private companies.

Microsoft said Tuesday that the Hafnium attacks "were in no way related to the separate attacks related to SolarWinds."

© 2021 AFP