- On Tuesday, Microsoft said its Exchange product had been hacked by a state-backed Chinese entity.
- At least 30,000 businesses and government bodies were affected by the crackdown, which began in January.
- The Biden government is setting up a task force to investigate the attack, CNN reported.
- Visit the Insider Business Department for more stories.
President Joe Biden’s administration is launching a task force to investigate the recent hack of a popular Microsoft product, allegedly backed by Beijing, CNN reports.
On Tuesday, Microsoft said its Exchange email server had been hacked by the “Hafnium” group with the support of the Chinese state. The breach began in early January and was discovered by cyber security firm Volexity.
Wang Wenbin, a spokesman for the Chinese Foreign Ministry, said on Wednesday there was insufficient evidence to prove the Chinese state’s involvement.
According to cybersecurity reporter Brain Krebs, the number of organizations affected by the hack, which includes government agencies and businesses, has counted.
A former U.S. national security official told WIRED that the hack was “absolutely massive” and added that “we are talking thousands of servers that are being compromised per hour worldwide.”
The Microsoft logo.
Sam Yeh / Getty Images
As a result of the hack, a US official told CNN that a new task force “Unified Coordination Group”, a multi-agency task force, would include the FBI and the Agency (CISA) of the Security Agency (CISA) .
“We are working closely with our partners and looking closely at the next steps we need to take. This is an active threat that is still evolving and we urge network operators to take it very seriously,” the official told CNN.
Microsoft said Hafnium was a “highly capable and sophisticated actor” and said in a statement how the attack unfolded.
“Firstly, it would gain access to an Exchange Server with stolen passwords, or by using the previously undiscovered vulnerabilities to hide itself as someone who would have access. Secondly, it would create a web shell to remotely control the fraudster “Third, it would use remote access – based on US servers – to steal data from an organization’s network,” Microsoft said.
The company has since released a security update that fixed issues in versions of Exchange from 2013 to 2019 and recommended that users install updates immediately.
On Friday, White House press secretary Jen Psaki told reporters on Friday that the Exchange servers had ‘significant’ weaknesses.
The White House still sees the situation as an ‘active threat’, CNN said.
Jeff Jones, a senior executive at Microsoft, told The New York Times: “We work closely with CISA, other government agencies and security companies to ensure we provide the best possible guidance and mitigation for our customers.”