Microsoft Hack: Biden launches emergency team to address cyberattacks | US news

The Biden administration is launching an emergency task force to address an aggressive cyber attack that has affected hundreds of thousands of Microsoft customers around the world – the second major US hacking campaign since the election.

The attack, first reported by security researcher Brian Krebs on March 5, allowed access to the email accounts of at least 30,000 organizations in the US.

These backdoor channels for remote access can affect credit unions, town governments and small businesses, and have left U.S. officials struggling to reach victims. On Sunday the FBI asked victims to contact the law enforcement agency.

The “extremely aggressive” attack infiltrated accounts using tools that give the attackers “total, remote control over the affected systems”, cybersecurity experts said.

The Cybersecurity and Infrastructure Security Agency (Cisa) on Saturday urged all organizations using Microsoft Exchange to scan devices for vulnerabilities. The breach represents a “serious vulnerability that could have far-reaching consequences,” White House Press Secretary Jen Psaki told a news conference on Friday.

“It’s an active threat in the first place,” she said. “We are concerned that there are a large number of victims and are working with our partners to understand the extent of this.”

The latest hack comes on the heels of SolarWinds, a separate series of sophisticated attacks attributed to Russia that breached about 100 U.S. companies and nine federal agencies.

Microsoft said there was “no evidence that the actor behind SolarWinds discovered or exploited any vulnerabilities in Microsoft products and services”.

Researchers say the recent hack began in late 2020 as a controlled attack on some major targets and was detected in early January, when it developed into a more widespread campaign. Additional attacks are expected from other hackers as the code used to take control of the email servers spreads.

The Biden administration has launched a multi-agency effort, initiated by the National Security Council and including the FBI, Cisa and others, to determine who was hacked, what was done and how to fix the vulnerabilities quickly, a U.S. official said.

Oliver Tavakoli, chief technology officer at California-based security firm Vectra, said Microsoft has issued patches for the attack, but resolving the issue would be more complicated.

“Updating their Exchange servers will prevent an attack if their Exchange server has not yet been compromised,” Tavakoli said. “But it will not undo the grip that attackers have on an Exchange server.”

The European Banking Authority, the European Union’s banking regulator, which collects and stores very sensitive data on banks and their lending, confirmed on Monday that it had been affected. It said it believed the cyberattack had hit only its email servers and that no data was obtained. During this weekend’s press conference, Psaki declined to say whether any major US government bodies were affected by the breach, and other targets have not yet been named.

A person working with the US response told Reuters that the attack was blamed on a Chinese government-backed actor. Microsoft also attributed the attack to China. A Chinese government spokesman said, according to Reuters, that the country was not behind the intrusions.

The latest hack comes on the heels of SolarWinds, a separate series of sophisticated attacks attributed to Russia that breached about 100 U.S. companies and nine federal agencies.

“We still see no evidence that the actor behind SolarWinds has discovered or exploited any vulnerabilities in Microsoft products and services,” the company said.

A Microsoft spokesman said in a statement that the company was working closely with Cisa, other government agencies and security companies to respond to the hack.

“The best protection is to apply updates to all affected systems as quickly as possible. We continue to help customers by providing additional guidelines for investigation and mitigation,” he said. “Affected customers should contact our support teams for additional assistance and resources.”

The most recent Microsoft hack, which one former national security official discussed in an interview with Wired, is ultimately bigger than the historically large SolarWinds attack that sparked a congressional hearing this month.

During the hearing, technology executives, including Microsoft President Brad Smith, said it was difficult to address hacks like this because many organizations did not publicly announce breaches until they were discovered.

Meanwhile, U.S. agencies will have a hard time dealing with this hack so soon after the recent SolarWinds attacks, Tavakoli said.

“This hack will compete for the same investigative and remedial resources, and the fact that two such broad-based attacks are taking place near the same time puts an excessively large strain on the resources,” he said.

Reuters contributed to this report
