![This photo taken on August 4, 2020 shows Prince, a member of the hacking group Red Hacker Alliance who refused to give his real name, using his computer at their office in Dongguan, China's southern Guangdong province. - From a small, dingy office tucked away in an industrial city in southern China, one of China's last "volunteer hacker" groups maintains a final outpost in its patriotic hacking war. (Photo by NICOLAS ASFOURI / AFP) / TO GO WITH China-hacking-security,FOCUS by Laurie Chen / The erroneous mention[s] appearing in the metadata of this photo by NICOLAS ASFOURI has been modified in AFP systems in the following, we removed the HOLD HOLD HOLD in the main caption. Please immediately remove the erroneous mention[s] from all your online services and delete it (them) from your servers. If you have been authorized by AFP to distribute it (them) to third parties, please ensure that the same actions are carried out by them. Failure to promptly comply with these instructions will entail liability on your part for any continued or post notification usage. Therefore we thank you very much for all your attention and prompt action. We are sorry for the inconvenience this notification may cause and remain at your disposal for any further information you may require. (Photo by NICOLAS ASFOURI/AFP via Getty Images)](https://media.cnn.com/api/v1/images/stellar/prod/210621154549-hackers-keyboard.jpg?q=x_0,y_131,h_1419,w_2523,c_crop/w_1280)
Hackers linked with the governments of China, Iran, North Korea and Turkey have moved to exploit a critical flaw in software used by big tech firms around the world, Microsoft warned late Tuesday.
The activity from the foreign hacking groups includes experimentation with the vulnerability, integration into existing hacking tools and “exploitation against targets to achieve the actor’s objectives,” Microsoft said in a blog post. Microsoft did not say which organizations have been targeted by the hackers; a spokesperson could not be immediately reached for comment.
It’s the latest fallout from the recently revealed software flaw, which the US Cybersecurity and Infrastructure Security Agency says could affect hundreds of millions of devices globally. CISA has ordered all federal civilian agencies to update their software in response to the threat.
The Iranian hacking group using the vulnerability has a history of deploying ransomware, according to Microsoft and other security firms. The Chinese group is the same one behind a hacking campaign against Microsoft Exchange email software earlier this year, which the White House condemned as reckless.
The flaw is in Java-based software known as “Log4j” that organizations around the world use to log information in their applications. The list of affected software providers reads like a who’s who of tech giants, from Cisco to Amazon Web Services to IBM.
While US officials are on high alert over the software bug, Eric Goldstein, a senior CISA official, told reporters Tuesday evening that officials had no evidence that federal networks had been breached using the vulnerability.
Microsoft joined a chorus of other big cybersecurity firms in sounding the alarm that suspected foreign espionage groups were pouncing on the vulnerability.
“We have seen Chinese and Iranian state actors leveraging this vulnerability, and we anticipate other state actors are doing so as well, or preparing to,” said John Hultquist, vice president of intelligence analysis at cybersecurity firm Mandiant. “We believe these actors will work quickly to create footholds in desirable networks for follow on activity which may last for some time.”
