Image source: David Mark / Pixabay
The Biden administration is closely following a newly-discovered breach of Microsoft Corporation’s (Nasdaq: Chart MSFT - $279.43 7.82 (2.799%) ) servers for its popular mail and calendar program, Exchange, which was reportedly carried out by Chinese hackers in late January.
Calling it an “active threat” with “a large number of victims,” White House press secretary Jen Psaki told reporters Friday, “We are still looking closely at what happened and the next steps that need to be taken.”
“Everyone running these servers – government, private sector, academia – needs to act now to patch them. We are concerned there are a large number of victims and we are working with our partners to understand the scope of this. So, it’s an ongoing process.”
Psaki’s comments followed a tweet Thursday evening by national security adviser Jake Sullivan urging IT administrators nationwide to install software fixes immediately. He also said the US government is monitoring reports that “defense industrial base entities,” as well as think tanks, may have been compromised by the hack.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued a rare emergency directive requiring all government networks to download the latest software update by Friday.
According to the agency, the order was necessary because the vulnerabilities enable hackers “to gain persistent system access and control of an enterprise network.”
Microsoft disclosed last week that a “highly skilled and sophisticated” state-sponsored entity in China hacked its way into its Exchange servers in order to steal information from a number of organizations, such as universities, law firms, non-governmental organizations, defense contractors, infectious disease researchers and policy think tanks.
According to Microsoft, hackers took advantage of four previously undetected software vulnerabilities to attack servers “which enabled access to email accounts and [enabled] installation of additional malware to facilitate long-term access to victim environments.”
Microsoft declined to identify specific targets or say how many organizations were affected. It is however urging organizations that use its Exchange server software to install the newly-released security patch.
The attacks, Microsoft believes, were carried out by HAFNIUM, “a group assessed to be state-sponsored and operating out of China” that “primarily targets entities in the United States across a number of industry sectors.”
When asked for comment by NBC News Friday, Chinese foreign ministry spokesman Wang Wenbin told the outlet, “China has reiterated on multiple occasions that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, tracing the source of cyber attacks is a complex technical issue," Wang said.
"We hope that relevant media and [Microsoft] will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations."
Source: Equities News