The Biden administration is embarking on a ‘whole government response’ to investigate and respond to the cyber attacks against Microsoft’s Exchange Server, which, according to the Big Tech company, are being carried out by a sophisticated Chinese state-backed hacker group.
Microsoft announced last week that “several zero-day exploits” had been used to attack local versions of Microsoft Exchange Server in limited and targeted attacks, and said its Threat Intelligence Center attributed the cyber campaign with high confidence to a hacker group, “Hafnium.” Microsoft said the hacker group was “state-sponsored” and operated out of China.
Over the weekend, the FBI said it was “aware of Microsoft’s emergency solution to previously unknown vulnerabilities in Exchange Server software attributed to the advanced persistent threat actor known by Microsoft as Hafnium.” The office declined to comment on whether this means the FBI is also assessing whether it is a Chinese operation.
“We are undertaking a whole response from the government to assess and address the impact,” a White House official told the Washington Examiner. “The agency for security of cyber security and infrastructure has issued an emergency directive to agencies. High levels of the National Security Council are addressing the incident, working with our public and private partners and looking closely at the next steps we need to take. We will keep you informed. This is an active threat that is still evolving, and we urge network operators to take it very seriously.”
The FBI said it was “working closely with our inter-community and private partners to understand the extent of the threat.”
The White House official said the Biden administration was “aware of the public reporting that these actors were stepping up their efforts” and that “this is often the case after a public disclosure, as the attackers know they have been noticed and” make an exaggerated attempt to endanger as many victims as possible before those victims patch their systems. The official asked organizations to quickly recover their servers.
Last week, Microsoft said the Chinese hackers were using Microsoft vulnerabilities to gain access to email accounts and install additional malware to facilitate long-term access to the victim environments. The company said Hafnium “is primarily targeted at entities in the United States in a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy thinkers and NGOs” and that it “operates primarily from leased virtual private servers in the United States.”
Microsoft Exchange Server handles enterprise email, calendar, scheduling, contact, and collaboration services. The NSC warned that “patch and mitigation is not redress if the servers have already been compromised” and said: “It is essential that any organization with a vulnerable server take immediate action to determine if they have already been targeted.”
The Cybersecurity and Infrastructure Security Agency said it was “aware of the widespread local and international exploitation of these vulnerabilities” and “strongly recommends” that organizations carry out a safety briefing as soon as possible. Pentagon spokesman John Kirby said on Friday that they were “taking all necessary threats to identify and rectify possible problems with the situation.”
Brian Krebs, cyber security expert, first reported: ‘At least 30,000 organizations across the United States – including a significant number of small businesses, towns, cities and local governments – have been hacked in recent days by an extremely aggressive Chinese cyber espionage unit that focuses on stealing emails from victim organizations.’ Numerous other outlets quickly cited sources claiming that tens of thousands of customers were likely to be affected.
A blog post from the cybersecurity firm Huntress claims that “the webshell used by these threat actors is known as the ‘China Chopper’ one-liner.” Another cyber security firm, FireEye, said the vulnerable Microsoft Exchange Server was being exploited in a separate environment by a threat actor using a webshell similar to the China Chopper, which it said was “growing in popularity, especially among Chinese cybercriminals.”
White House press secretary Jen Psaki said on Friday that it was a major vulnerability that could have far-reaching consequences and that it was an active threat. She added that “we are concerned that there are a large number of victims and are working with our partners to understand the extent of this.”
Last week, Microsoft’s CEO Tom Burt called the Chinese hacker group ‘a highly skilled and sophisticated actor’, which ‘mainly targets entities in the United States with the aim of filtering information from a number of industry sectors, including researchers of infectious diseases, law firms, higher education institutions, defense contractors, policy thinkers and non-governmental organizations.’
He emphasized that “the operations we are discussing today are in no way related to the separate attacks involving SolarWinds”.
The Chinese Foreign Ministry has rejected Microsoft’s claim that China was involved in the newly discovered cyberattacks, just as Russia has denied blame for the SolarWinds hack.