German government agencies compromised by Exchange vulnerabilities


The state security authorities say 4 in 6 breaches represented a “possible compromise”.

The recent wave of hacker attacks on Microsoft Exchange systems has now affected six German federal agencies, according to the German government’s Office for Information Security, which goes by the German acronym BSI. In a security notice issued this week, the BSI warned that “there was a possible compromise in four cases.”

The government would not specify which agencies were involved. They only confirmed that BSI has offered assistance to the offices and employees involved.

A threat so serious, warnings sent by post rather than email

The BSI published their initial security warning last Friday. “Organizations of all sizes have been affected,” it said. The authorities estimated that 9,000 companies and other institutions had been attacked by hackers exploiting four Microsoft email vulnerabilities.

The threat these attacks posed to Exchange systems was judged to be so high that the BSI sent out written warnings of the danger using the postal service rather than via the email system itself.

According to information from Brian Krebs, a journalist specializing in IT security, there are more than 30,000 companies that have been affected in the US alone. Moreover, hundreds of thousands of organizations worldwide may have been hacked through the Exchange vulnerabilities.

IT security researchers had already warned Microsoft of the security gaps in January. The company responded by developing an update for its Exchange platform.

A group of “state actors” may be behind the hacks

A group of hackers named Hafnium is suspected to be behind the attacks. According to Microsoft, it is “very likely” that these hackers work for the Chinese government.

According to experts, German companies are more severely affected than average by this Microsoft Exchange weakness. Compared with other countries, the Germans are more likely to operate “on-premise” Exchange systems themselves, either in-house or in a rented data center.

The Exchange Server versions 2013, 2016 and 2019 were all affected by the security vulnerability and were patched by Microsoft’s updates. The vulnerabilities did not exist in cloud versions of Microsoft’s Exchange e-mail service.