In a currently developing story, Microsoft Exchange Server has reportedly being hacked. This is the tech giant’s main server that handles email related stuff. With the amount of critical data contained within emails, we can infer that this is yet another huge attack.
Microsoft did not take too long to blame a China based threat actor that goes by the name of Hafnium. The tech company has went a step further and is claiming that the perpetrator of this attack also had state backing to pull this off.
According to conservative initial estimates, anywhere between twenty to thirty thousand US based entities have been affected. Due to the attack vector being email, the actual magnitude of this cyber incident may be even bigger.
The other alarming aspect of this recent hack is that it has reportedly went on to impact a wide range of institutions across USA. Those affected include both government as well as private sector entities across the country.
As an immediate damage control mechanism, Microsoft has already rolled out a fresh security patch. Thousands of potentially affected individuals are being urged to immediately run this patch in a bid to contain the impact of this crisis.
However, this patch won’t be of much use in the case of systems that are already compromised. Similar cyber security incidents are becoming fairly common and the US government does not take much time to fix the blame mostly on China backed hackers.
It appears that the primary targets of this attack were infectious disease researchers, law firms, higher education institutions and even defense contractors. It also comes as little surprise that China was quick to issue an official rebuttal of any such involvement.
An alarming aspect of many similar cyber breaches is that the targeted countries are blaming state backed actors for such incidents. Any such attack perpetrated in personal capacity or with proper state backing are two very different things.
The other worrying aspect of such attacks is the drastically rising frequency. During the past year or so, Microsoft has publicly accused state backed groups for such incidents nearly eight times. What should worry us though is that such incidents should not happen at all.