Hundreds of UK firms compromised by Exchange email hack

Hundreds of UK companies have been compromised as part of a global campaign that has been linked to Chinese hackers. Cyber-security firm Eset has said more than 500 email servers in the UK may have been hacked – with many not knowing they have been victims of the attack. The race is now on for affected companies to check for recent compromises to their systems and ensure no webshells have been installed on their servers.

The hacking campaign was first announced by Microsoft on 2nd March and has been blamed on a Chinese government-backed hacking group called Hafnium. Microsoft said the group was using never-before-seen hacking techniques to infiltrate the email systems of US companies via the popular email system Microsoft Exchange Server – meaning large corporations and public bodies across the world were also at risk from the cyber attack.

Microsoft released software updates to close the flaws used by the so-called ‘zero-day’ exploits and urged customers to install them to protect themselves. According to cyber-security researchers at Eset, as many as 10 different hacking groups are using the zero-day exploits to target companies in 115 different countries.

Hackers are reportedly using webshells as a way of gaining entry into a system. A webshell is a piece of computer code that can act like a backdoor into a computer network. It means that if hackers are successful in gaining access to a computer network, they then have the ability to either steal or spy on email messages, or use the access to launch more crippling cyber-attacks. Cyber-security researchers at Eset say they have detected the backdoors on 5,000 separate servers – with more than 500 of these being in the UK.

Governments around the world are warning organisations to ensure their systems are secure.