US warns after Microsoft says China has hacked its email server program

The US issued an emergency alert after Microsoft said it had caught China hacking into its email and calendar server program, Exchange.

The offender, Microsoft said in a blog post, is a hacker group that the company has “a lot of confidence” works for the Chinese government, spying primarily on U.S. targets. The latest software update for Exchange blocks the hackers, prompting the US Cybersecurity and Infrastructure Security Agency, or CISA, to issue a rare emergency guideline that requires all government networks to install the update.

CISA, the U.S.’s primary defensive cybersecurity agency, rarely exercises its authority to demand that the entire U.S. government take steps to protect its cyber security. The move was necessary, the agency said, because Exchange hackers were able to “gain permanent access to the system”. All government agencies have until Friday afternoon to download the latest software update.

In a separate blog post, Microsoft Vice President Tom Burt writes that the hackers recently spied on a wide range of U.S. targets, including disease researchers, law firms and defense contractors.

Burt added that the company saw no evidence that individual consumers were targeted, but stressed that the hacker group had previously targeted “researchers from infectious diseases, law firms, higher education institutions, defense contractors, policy thinkers and non-governmental organizations.”

A spokesman for the Chinese embassy in Washington, contacted by email, cited recent comments by Wang Wenbin.

“China has repeatedly reiterated that the virtual nature of cyberspace and the fact that there are all kinds of online actors that are difficult to track down. It is a complex technical issue to track down the source of cyberattacks,” Wang said.

“We hope that relevant media and companies will adopt a professional and responsible attitude and underline the importance of having enough evidence to identify incidents on the internet, rather than making baseless accusations.”

There was no immediate indication that the hack led to a significant exploitation of the government’s computer networks. But the announcement marks the second time in recent months that the U.S. has had to deal with a widespread hacking campaign believed to be the work of foreign spies.

The US is still working through the damage after hackers suspected of being Russian broke into a software management company, SolarWinds, and used the breach to compromise nine federal agencies and about 100 private companies, the White House national security adviser, Anne Neuberger, said in February.

As the developer behind the most popular operating system in the world, Windows, Microsoft is considered by Western cyber security experts to have extraordinary insight into global hacking campaigns.

The campaign not only gave the hackers access to the victims’ emails and calendar invitations, but also to their entire networks, Microsoft said. The hackers used four different ‘zero-day’ exploits, rare digital tools that get their name because software developers are unaware of them and so have had no days to prepare fixes.

ESET, a Slovak cyber security company, said on Twitter that its researchers had seen several groups of hackers, not just the one Microsoft mentioned in its announcement, exploiting the same vulnerabilities in older versions of Exchange.
