MIT Technology Review
A hacking campaign linked to the Chinese government, which Microsoft disclosed this week, has exploded in scale. At least four other hacking groups are now targeting critical bugs in Microsoft's email software in what the US government calls "widespread domestic and international exploitation," with the potential to affect hundreds of thousands of victims worldwide.
Since January 2021, a Chinese hacking group that Microsoft calls Hafnium has been exploiting vulnerabilities in Microsoft Exchange Server. But since the company publicly disclosed the campaign on Tuesday, at least four more groups have joined in, and the original Chinese hackers have dropped any pretense of stealth and ramped up the number of attacks they are carrying out. The growing list of victims includes tens of thousands of US companies and government agencies targeted by the new groups.
"There are at least five different clusters of activity that appear to be exploiting the vulnerabilities," said Katie Nickels, who leads an intelligence team at the cybersecurity firm Red Canary that is investigating the hacks. When tracking cyber threats, intelligence analysts group hacking activity into clusters based on the specific tactics, techniques, procedures, infrastructure, people, and other characteristics they observe. This lets defenders keep track of the distinct threats they face.
According to Microsoft, Hafnium is a sophisticated Chinese hacking group that has long run cyber-espionage campaigns against the US. It is an apex predator, precisely the kind that opportunistic and savvy scavengers always follow closely.
After Microsoft's announcement on Tuesday, the activity quickly shifted into a higher gear. It remains unclear, however, exactly who these hacking groups are, what they want, or how they are gaining access to the servers. It is possible that the original Hafnium group sold or shared its exploit code, or that other hackers reverse-engineered the exploits from the patches Microsoft released, Nickels explains. The latter is a well-established technique: comparing the patched and unpatched code points directly at the flaw, which is why the window between a fix being published and working exploits circulating is often only days.
"The challenge is that this is all so cloudy and there is so much overlap," says Nickels. "We have seen that Microsoft has expanded beyond Hafnium since the release of Hafnium. We have seen activity that differs in tactics, techniques, and procedures from those reported."