Microsoft software flaw being misused by at least 10 hacking groups: Researchers

WION Web Team
Washington, United StatesUpdated: Mar 11, 2021, 05:32 PM IST

Microsoft Photograph:(Reuters)

Story highlights

Several espionage-focused groups are related to China. The Chinese government, however, has denied any involvement in this

With a rise in technology-driven work all around the world, cybersecurity has become more important now. With Microsoft being one of the front runners of the tech world, a brach in its system can lead to a massive leak of sources.

In such a scenario, at least 10 different hacking groups have identified flaws in Microsoft Corp's mail server and are now utilising the resources to break into several targets around the world. 

The breach was highlighted by the cybersecurity company ESET which also highlighted that the limit of exploitation shows the urgency of these warnings issued by authorities in the US and Europe about the weaknesses found in Microsoft's Exchange software.

This warning has also come after, on Wednesday, Norway's parliament announced that confidential data had been "extracted" in a breach which was linked to these flaws of Microsoft.

In addition to this, Germany's cybersecurity watchdog agency also reported that two federal authorities have been negatively affected by this hack.

While Microsoft claimed that the issues have been fixed, the slow speed at which many customers' updates are happening is leaving the wires partially open to hackers of all stripes, and the patches are not removing any back door access that has already been left on the machines.

In addition, some of the back doors left on compromised machines have passwords that are easily guessed, so that newcomers can take them over.

However, despite this, Microsoft has declined to comment on the pace of customers' updates, but had previously thrust the importance of "patching all affected systems immediately."

While for now, the hack has concentrated on cyber espionage, many fear that the ransom-seeking cybercriminals could also benefit from this hack.

For now, ESEThas named nine espionage-focused groups that it claimed are taking advantage of the flaws of Microsoft to break into targeted networks, many of whom are related to China. The Chinese government, however, has denied any involvement in this.

It has also been reported that some of these groups were aware of the flaws even before they were announced by Microsoft on March 02.