The National Cyber Security Centre (NCSC), a branch of GCHQ, emphasized that businesses and organizations need to patch their vulnerable Microsoft Exchange servers. Microsoft attributed the attack to the Hafnium hacking network, which it believes is linked to the Chinese government.
An estimated 7,000 to 8,000 servers were affected by the bug, and only half have been patched, according to the agency.
The NCSC has contacted 2,300 companies to warn them of the security risk posed by Exchange.
The NCSC’s director of operations, Paul Chichester, insisted that “all organizations must take immediate action to protect their networks”.
He added, “The most important action during this work is to get the latest Microsoft updates.
“Companies should also be exposed to the threat of ransomware and familiarize themselves with our guides.
“All incidents involving UK organizations should be reported to the NCSC.”
On March 2, Microsoft reported bugs in its Exchange email servers, which were exploited by hackers.
The bugs were originally used by a hacking group to gain remote access to email servers from which sensitive data could be stolen.
After Microsoft pointed out the bug, several hacking groups rushed to find unpatched email servers to attack.
The company also blamed the first attack on Hafnium, a group “considered government sponsored and operating out of China”.
The “government sponsored” actor was identified by the Microsoft Threat Intelligence Center based on the “tactics and procedures” observed, according to the company.
The Chinese Foreign Ministry denied the allegation, insisting that the country “resolutely opposes and combats all forms of cyber-attack and theft in accordance with the law”.
The attack mainly affected US states and local governments, political think tanks, academic institutions, infectious disease researchers, and companies such as law firms and defense companies, according to Microsoft.
Cybersecurity firm FireEye said last week it had identified several specific victims, “including US-based retailers, local governments, a university and an engineering firm”.
One victim, a person who works at a Washington think tank and was contacted by the FBI, told CNN that the attackers had used their unauthorized access to email that person’s contacts in a way that looked legitimate.