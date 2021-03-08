Microsoft says a hacking group tied to China's government had exploited a vulnerability in its Exchange servers. A report says 60,000 users have been affected.

The mail-server hack that Microsoft (MSFT) - Get Report uncovered has affected 60,000 users globally, and the number is expected to grow as more companies patch the vulnerability and discover the intrusion, a report says.

Many of the affected users seem to be small or medium-sized businesses, according to Bloomberg News.

Over the weekend, the White House warned of an active hacking threat involving the Redmond, Wash., software giant's email servers. Microsoft said hackers used its mail servers to attack targets, with tens of thousands of U.S. organizations potentially affected.

The attack has been under way since at least Jan 3, b.ut what was originally a "very stealthy" attack became "really noisy and very aggressive" over the past week, CNBC reported.

Four previously unknown vulnerabilities in the Microsoft Exchange software were being used in the attacks.

Microsoft last week issued emergency patches for the vulnerabilities while attributing the attacks to a newly discovered hacking team it calls Hafnium, with ties to the Chinese government.

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency issued an order to federal agencies to apply the patches or to simply disconnect vulnerable servers.

CISA warned that it was "aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run [the security patch] as soon as possible."

The attackers deployed so-called web shells, or remote access points to compromised systems, on Exchange servers to steal data and install malware.

Microsoft is a holding in Jim Cramer's Action Alerts PLUS member club. Want to be alerted before Jim Cramer buys or sells MSFT? Learn more now.