More than 30,000 US firms hacked via loopholes in Microsoft Exchange Server

More than 30,000 US companies have been hacked by a Chinese cyber espionage unit.

According to KrebsOnSecurity, the Chinese hackers are using four flaws in Microsoft Exchange Server email software to install malware and give them total, remote control over the affected systems since 6 January.

While Microsoft has released emergency security patches on 2 March, there have been an increase in attacks on unpatched systems worldwide. Organisations who use Exchange Online are not affected; the exploits were found on self-hosted servers running Exchange Server 2013, 2016, or 2019.

The Chinese cyber espionage unit is reportedly called Hafnium, and it is behind a series of targeted attacks on email system used by companies in different industry sectors such as infectious disease research, law firms, education institutions, defense contractors and policy think thanks.

Microsoft says it is working closely with Cybersecurity and Infrastructure Security Agency, other government agencies, and security companies, to provide the best possible guidance and mitigation for affected users.