GCHQ issues urgent warning to businesses after suspected China hack of Microsoft

The warning follows what Microsoft said was a state-sponsored espionage campaign from a group based in China.

The UK’s National Cyber Security Centre, a part of GCHQ, is warning businesses to urgently update their Microsoft email servers following a state-sponsored espionage campaign.

The NCSC has stressed the immediate need for organisations to patch their vulnerable Microsoft Exchange servers, amid warnings that the careless techniques used by the attackers could also enable criminals to piggyback into victims’ networks.

Sky News understands there were no compromises of public sector organisations in the UK as a result of the state-sponsored attack using vulnerabilities in Microsoft Exchange.

Security officials believe there could be up to 8,000 vulnerable Microsoft servers in the country’s private sector, although they estimate roughly half of these may have been patched.

Last week, government security authorities amplified Microsoft’s urgent call for customers running on-premise Exchange servers to apply the patch, and the company is now warning that there are multiple groups taking advantage of unpatched systems.

After compromising email servers belonging to these organisations, Microsoft said the attackers created web shells – interfaces which allow them to remotely access the compromised network even after the original vulnerabilities were patched – which is provoking additional concern.

Security officials have addressed 2,300 webshells across businesses in the UK, but more could remain undetected.

The NCSC’s director for operations, Paul Chichester, said: “We are working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks.

“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates.

Category: Technology

Source: Sky