The victims - which range from as few as 'tens of thousands' to 'higher than 250,000' Outlook users - appear to primarily be small businesses and state and local governments. One security firm, Mandiant, said in a blog post this week that Exchange Server abuse dates back to January, and that victims also included at least one university and an engineering firm.
The hackers have been exploiting a series of four flaws in Microsoft's Exchange software to break into email accounts and read messages without authorization, and to install unauthorized software, the company said. Those flaws are known as zero days among cybersecurity professionals because they relied on previously undisclosed software bugs, suggesting a high degree of sophistication by the hackers. -WSJ
"It was being used in a really stealthy manner to not raise any alarm bells," said cybersecurity expert Steven Adair, whose firm Volexity Inc. was one of the first to flag the issue to Microsoft.
On Tuesday, Microsoft went public with the attack and identified the culprits as a Chinese cyberespionage group called Hafnium. A software patch was issued once the attack was caught. Before that happened, however, the hackers switched tactics and began using automated software to identify vulnerable servers on the internet and target them, said Adair.
"The attackers cranked up a huge notch over this past weekend," he said, adding, "They're just hitting every Exchange server they can find on the internet."