By Sean Lyngaas, CNN
Hackers linked to the governments of China, Iran, North Korea and Turkey decided to exploit a critical flaw in the software used by big tech companies around the world, Microsoft warned Tuesday night.
The activity of foreign hacking groups includes experimentation with vulnerability, integration into existing hacking tools and “exploitation against targets to achieve actor goals,” Microsoft said in a statement. blog post. Microsoft did not specify which organizations were targeted by the hackers; a spokesperson could not be immediately reached for comment.
This is the latest fallout from the recently exposed software flaw, which the US Agency for Cyber and Infrastructure Security has said could affect hundreds of millions of devices around the world. The CISA has ordered all federal civilian agencies to update their software in response to the threat.
The Iranian hacking group using the vulnerability has a habit of deploying ransomware, according to Microsoft and other security companies. The Chinese group is the same one behind a hacking campaign against Microsoft Exchange email software earlier this year, which the White House condemned as reckless.
The flaw lies in Java-based software known as “Log4j” that organizations around the world use to store information in their applications. The list of affected software vendors reads like a who’s who of tech giants, from Cisco to Amazon Web Services to IBM.
While US officials are on high alert regarding the software bug, Eric Goldstein, a senior CISA official, told reporters on Tuesday evening officials had no evidence that federal networks were breached using the vulnerability.
Microsoft has joined a chorus of other big cybersecurity companies in sounding the alarm that suspected foreign spy groups were rushing to the vulnerability.
“We have seen Chinese and Iranian state actors take advantage of this vulnerability, and we expect other state actors are doing it as well, or are preparing to do so,” said John Hultquist, vice president of analysis of the intelligence of the cybersecurity company Mandiant. “We believe that these actors will work quickly to create anchor points in desirable networks for follow-up activity which may last for some time.”
™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.