A cyberattack on Microsoft Corp.’s MSFT, +2.15% Outlook email software is believed to have infected tens of thousands of businesses, government offices and schools in the U.S., people briefed on the matter told The Wall Street Journal.
Many of those victims of the attack, which Microsoft has said was carried out by a network of suspected Chinese hackers, appear to be small businesses and state and local governments. Estimates of total world-wide victims were approximate and ranged broadly as of Friday. Tens of thousands of customers appear to have been affected, but that number could be larger, the people said. It could be higher than 250,000, one person said.
While many of those affected likely hold little intelligence value due to the targets of the attack, it is likely to have netted high-value espionage targets as well, one of the people said.
The hackers have been exploiting a series of four flaws in Microsoft’s Exchange software to break into email accounts and read messages without authorization, and to install unauthorized software, the company said. Those flaws are known as zero days among cybersecurity professionals because they relied on previously undisclosed software bugs, suggesting a high degree of sophistication by the hackers.
An expanded version of this report appears on WSJ.com.