The hackers behind the powerful set of digital intrusion tools exposed this week have racked up a worrying number of victims, the White House said Friday, the latest indication that the cyber espionage campaign targeting Microsoft Corp’s Exchange email software poses a serious threat.
Wielding tools that exploited four previously unknown vulnerabilities, the allegedly Chinese group that Microsoft dubs “Hafnium” has been breaking into email servers since January, remotely and silently siphoning information from their inboxes without having to send a single malicious email or rogue attachment.
Few victims of the hackers have been made public so far. Microsoft said this week that targets included infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and non-governmental groups.
On Tuesday, researchers at Dell Technologies’ Secureworks said the pace of break-ins began spiking overnight last Sunday, something others have read as an indication that the hackers ramped up their activity because they knew they were about to be exposed.
Much of the activity was concentrated in the United States, but victims have popped up around the world.
Norwegian authorities said they had seen “limited” use of the hacking tools in their country. The Prague municipality and the Czech Ministry for Labor and Social Affairs were among those affected, according to a European cyber official briefed on the matter.
The official said that the technique’s ease of exploitation meant that the hackers had effectively been enjoying a “free buffet” since the beginning of the year.
The worry now is that others may be about to join the feast.
Although Microsoft has published fixes for the vulnerabilities and the U.S. government – including National Security Adviser Jake Sullivan – has urged users to update their software, in practice not everyone is doing so. Meanwhile, hackers are studying the fixes to reverse engineer Hafnium’s tools and appropriate them for themselves.
Once that happens, experts say, the targeting may get even more aggressive.