WASHINGTON: More than 20,000 U.S. organizations have been compromised through a back door installed via recently patched flaws in Microsoft Corp's email software, a person familiar with the U.S. government's response said on Friday.
The hacking has already reached more places than all of the tainted code downloaded from SolarWinds Corp, the company at the heart of another massive hacking spree uncovered in December.
The latest hack has left channels for remote access spread among credit unions, town governments and small businesses, according to records from the U.S. investigation.
Tens of thousands of organizations in Asia and Europe are also affected, the records show.
The hacks are continuing despite emergency patches issued by Microsoft on Tuesday.
Microsoft, which had initially said the hacks consisted of "limited and targeted attacks," declined to comment on the scale of the problem on Friday but said it was working with government agencies and security companies to provide help to customers.
It added, "impacted customers should contact our support teams for additional help and resources."
One scan of connected devices showed only 10% of those vulnerable had installed the patches by Friday, though the number was rising.
Because installing the patch does not get rid of the back doors, U.S. officials are racing to figure out how to notify all the victims and guide them in their hunt.
All of those affected appear to run Web versions of email client Outlook and host them on their own machines, instead of relying on cloud providers. That may have spared many of the biggest companies and federal government agencies, the records suggest.
The federal Cybersecurity and Infrastructure Security Agency did not respond to a request for comment.
Earlier on Friday, White House press secretary Jen Psaki told reporters that the vulnerabilities found in Microsoft's widely used Exchange servers were "significant," and "could have far-reaching impacts."
"We're concerned that there are a large number of victims," Psaki said.
Microsoft and the person working with the U.S. response blamed the initial wave of attacks on a Chinese government-backed actor. A Chinese government spokesman said the country was not behind the intrusions.
What started as a controlled attack late last year against a few classic espionage targets grew last month to a widespread campaign. Security officials said that implied that unless China had changed tactics, a second group may have become involved.
More attacks are expected from other hackers as the code used to take control of the mail servers spreads.
The hackers have only used the back doors to re-enter and move around the infected networks in a small percentage of cases, probably less than 1 in 10, the person working with the government said.
"A couple hundred guys are exploiting them as fast as they can," stealing data and installing other ways to return later, he said.
The initial avenue of attack was discovered by prominent Taiwanese cyber researcher Cheng-Da Tsai, who said he reported the flaw to Microsoft in January. He said in a blog post that he was investigating whether the information leaked.
He did not respond to requests for further comment.
Reuters
Sat Mar 06 2021
A Microsoft logo is seen on an office building in New York City on July 28, 2015. REUTERS pic
Who is Prabowo Subianto, incoming president of Indonesia?
A wealthy ex-general with ties to Indonesia's popular outgoing president and its dictatorial past, looks set to be its next leader.
Iran's supreme leader says Hamas leader's death will not halt 'Axis of Resistance'
The "Axis of Resistance", built up with years of Iranian support, includes Hamas, the Lebanese Hezbollah group, the Houthi movement in Yemen, and various Shi'ite groups in Iraq and Syria.
Putin says Russia willing to seek compromises between Iran and Israel
Russia is ready to help seek compromises between arch-foes Israel and Iran, President Vladimir Putin said on Friday, saying these would be difficult but possible.
What proposals will Russia push at the BRICS summit?
The proposal is also to establish a BRICS reinsurance company to allow uninterrupted shipment of goods and key commodities between members.
Indonesia's free meals plan in the spotlight as Prabowo readies for office
Prabowo calls the programme one of the main drivers of economic growth, eventually set to add an estimated 2.5 million jobs.
Astro AWANI's revamped English news website, AWANI International, launches on Oct 21
Astro AWANI's revamped English platform delivers in-depth global news and expert analysis to keep you informed on key developments.
Israeli strikes kill 33 people in Jabalia refugee camp in Gaza, medics say
Residents of Jabalia said Israeli tanks had reached the heart of the camp after pushing through suburbs and residential districts.
Liam Payne's ex-partner calls for media restraint after 'painful' death
Cheryl Tweedy used her statement to urge the media to remember they had a seven-year-old son, Bear, who could read the reports.
Analysts: Indonesia's strong MoF leadership team to boost investor confidence
Sri Mulyani Indrawati as head of Indonesia's Ministry of Finance is expected to instil confidence among investors.
Biden offers both a carrot and a stick to Israel as his term nears an end
Israel has frequently resisted US advice and has caused political difficulties for the Biden administration.
Putin says BRICS will generate most of global economic growth
Russian President Vladimir Putin will host a summit of the group in the city of Kazan on Oct. 22-24.
ISIS Malaysia's perspective of Budget 2025
An excellent rakyat-centric budget under the overarching principle of a caring and humane economy.
Budget 2025: Record increase in STR, SARA aid initiatives
The government will provide a significant boost to the Sumbangan Tunai Rahmah (STR) and Sumbangan Asas Rahmah (SARA) initiatives next year.
Budget 2025: EPF contributions to be made mandatory for foreign workers – PM Anwar
The government plans to make it compulsory for all non-citizen workers to contribute to the Employees Provident Fund (EPF).
What policies to expect from Indonesia's new President Prabowo
Prabowo will be open to foreign investment, his aide has said, such as by offering investors management of airports and sea ports.
Budget 2025: Govt allocates RM470 mil to empower women's participation in PMKS
The Women's Leadership Apprenticeship Program will be intensified as an effort to produce more female corporate personalities.
Israel sends more troops into north Gaza, deepens raid
Residents of Jabalia in northern Gaza said Israeli tanks had reached the heart of the camp, using heavy air and ground fire.
Indonesia ramps up security ahead of Prabowo's inauguration
Prabowo Subianto will be sworn in as Indonesia's president on Sunday with Vice President-elect, Gibran Rakabuming Raka, also taking office.
Immediate allocation of RM150 mil for local authorities, DID to tackle flash floods
Datuk Seri Anwar Ibrahim said this allocation is intended to address the recent flash floods that hit the capital and several major towns.
Budget 2025: Sabah, Sarawak to continue receiving among highest allocations - PM
Sabah and Sarawak continues to be prioritised under Budget 2025, with allocations of RM6.7 billion and RM5.9 billion respectively.