MS "Complete Recovery Difficult for Servers Already Breached"
[Asia Economy Reporter Kim Suhwan] Thousands of Microsoft (MS) email servers in the United States that were targeted by a cyberattack reportedly sponsored by a hacker group linked to the Chinese government earlier this month remain exposed to hackers.
According to Bloomberg News on the 22nd (local time), Brandon Wales, acting director of the Cybersecurity and Infrastructure Security Agency under the U.S. Department of Homeland Security, stated, "Some of the email servers of U.S. government agencies and companies that were hacked earlier this month are still exposed to security threats." He added, "Additional measures must be taken on networks at risk of intrusion to prevent hacker access."
Earlier, on the 2nd, MS revealed that a Chinese hacker group called HAFNIUM exploited vulnerabilities in its email servers to attempt hacking and data theft targeting U.S. institutions. Approximately 120,000 email servers belonging to U.S. government agencies, companies, higher education institutions, and defense contractors were reportedly attacked. Immediately after this was disclosed, MS distributed an emergency security patch to prevent further damage.
However, even with the security patch applied, servers already exposed to hackers have not been fully restored. MS stated in a release on the 15th, "Servers successfully accessed by hackers will not have their issues resolved by the security patch alone." Bloomberg News reported that hackers who have accessed these servers may have implanted malicious programs in the network to steal security files and could demand ransom in exchange for returning those files.
Meanwhile, as of last week, security patches have been applied to 45% of the servers confirmed vulnerable to the hacking attack. A spokesperson for the U.S. National Security Council said, "Vulnerabilities in over 100,000 email servers have been resolved so far," and added, "Security patches for the remaining 10,000 servers will be applied soon."
© The Asia Business Daily(www.asiae.co.kr). All rights reserved.
