Cybersecurity group FireEye announced on Thursday night that it had found evidence that hackers had exploited vulnerabilities in a popular Microsoft email application to target groups in various sectors since early January.
FireEye analysts wrote in a blog post that the company observed the hackers, whom Microsoft identified earlier this week as a Chinese state-sponsored hacking group known as “Hafnium,” targeting at least one of FireEye’s clients through exploitation of Microsoft Exchange beginning in January.
Since then, FireEye has found evidence that the hackers went after an array of victims, including “U.S.-based retailers, local governments, a university, and an engineering firm,” along with a Southeast Asian government and a Central Asian telecom.
The news comes two days after Microsoft said a Chinese hacking group was actively exploiting previously unknown security flaws in Exchange Server to target groups running the program.
Microsoft has noted that Hafnium was previously known for stealing information from organizations including infectious disease researchers, law institutes, higher education institutes, defense contractors, policy think tanks and NGOs.
FireEye analysts wrote Thursday night that “the activity recorded by Microsoft aligns with our observations.”
“The activities we have observed, together with others in the information security industry, suggest that these threat actors may be using Exchange Server vulnerabilities to gain a foothold in the environment,” the analysts wrote. “This activity is quickly followed by additional access and persistent mechanisms. As mentioned earlier, we have a number of ongoing cases and will continue to provide insights as we respond to intrusions.”
The federal government could also be affected by the email application vulnerabilities, for which Microsoft released a patch earlier this week.
The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive requiring federal agencies to investigate for signs of compromise and to patch or disconnect from the Exchange Server program if compromised.
Jake Sullivan, President Biden’s national security adviser, encouraged all network owners on Thursday night to implement the Microsoft patch immediately.
“We are closely monitoring Microsoft’s emergency patch for reports of previously unknown vulnerabilities in Exchange Server software and potential compromises of U.S. think tanks and defense industry-based companies,” Sullivan tweeted.
Former CISA director Christopher Krebs also underlined the potential seriousness of the breach, tweeting Thursday night that “this is the real deal” and encouraging organizations running Exchange Server to go into “event response mode.”
The newly discovered compromise comes as the federal government is still investigating a massive Russian cyber espionage attack that began at least a year before the discovery.
The breach, known as the SolarWinds hack, involved hackers exploiting IT group SolarWinds’ software to target its 18,000 customers. As of last month, at least nine federal agencies and 100 private sector groups had been compromised.
Both FireEye and Microsoft were among the groups compromised in the hacking operation, which FireEye was credited with drawing attention to after the incident came to light in December.