The National Cyber Security Centre (NCSC), a branch of GCHQ, stressed businesses and organisations need to patch their vulnerable Microsoft Exchange servers. Microsoft attributed the attack to hacking network Hafnium, which they believe to be linked to the Chinese Government.
An estimated 7,000 to 8,000 servers were affected by the flaw, and only half had been patched according to the agency.
NCSC have been in contact with 2,300 businesses to warn them of the Exchange security risk.
The NCSC’s director for operations, Paul Chichester, insisted is is “vital that all organisations take immediate steps to protect their networks”.
He added: “Whilst this work is ongoing, the most important action is to install the latest Microsoft updates.
“Organisations should also be alive to the threat of ransomware and familiarise themselves with our guidance.
“Any incidents affecting UK organisations should be reported to the NCSC.”
Microsoft shared on March 2 flaws in their Exchange email servers were exploited by hackers.
It was initially used by a hacking group to gain remote access to email servers, from which it could steal sensitive data.
After Microsoft called attention to the fault, multiple hacking groups rushed to find unpatched email servers to attack.
The company also blamed the initial attack on Hafnium, a group the company “assessed to be state sponsored and operating out of China”.
The “state-sponsored” actor was identified by the Microsoft Threat Intelligence Centre based on observed “tactics and procedures,” according to the company.
China’s Ministry of Foreign Affairs rubbished the accusation, and insisted the country “firmly opposes and fights all forms of cyber-attacks and thefts in accordance with the law.”
The attack primarily affected US state and local governments, policy think tanks, academic institutions, infectious disease researchers and businesses such as law firms and defence contractors, according to Microsoft.
Cybersecurity firm FireEye also shared last week it identified multiple specific victims “including US-based retailers, local governments, a university and an engineering firm.”
One victim, a person working at a Washington think tank who was contacted by the FBI, told CNN attackers had used the unauthorised access to email that person’s contacts in a way that looked legitimate.
Published at Sat, 13 Mar 2021 00:58:00 +0000