A cyber attack on Microsoft Corp.
Outlook email software is believed to have infected tens of thousands of businesses, government offices, and schools across the United States.
Many of the victims of the attack, which Microsoft has claimed to have been carried out by a network of suspected Chinese hackers, appear to be small businesses and state and local governments. Estimates of global casualties were approximate and diverged as of Friday. Tens of thousands of customers appear to be affected, but that number could be bigger, people said. It could be higher than 250,000, said one person.
While many of those affected are likely to have little intelligence value due to the targets of the attack, it is also likely to have hit high-quality espionage targets, one respondent said.
The hackers exploited a series of four flaws in Microsoft's Exchange software to break into email accounts, read messages without authorization, and install unauthorized software. These flaws are referred to as zero days by cybersecurity professionals because they relied on previously unknown software flaws, indicating a high level of sophistication among the hackers.
An expanded version of this report is posted on WSJ.com.