US warns after Microsoft says China has hacked its email server program

The US issued an emergency alert after Microsoft said it had caught China hacking into its email and calendar server program, called Exchange.

The perpetrator, Microsoft said in a blog post, is a hacker group that the company “has a lot of confidence” works for the Chinese government and spies primarily on U.S. targets. The latest software update for Exchange blocks the hackers, prompting the U.S. Cybersecurity and Infrastructure Security Agency to issue a rare emergency directive that requires all government networks to install it.

CISA, the U.S.’s primary defensive cyber security agency, rarely exercises its authority to demand that the entire U.S. government take steps to protect its cyber security. The move was necessary, the agency announced, as the Exchange hackers ‘are able to gain persistent system access’. All government agencies have until Friday afternoon to download the latest software update.

In a separate blog post, Microsoft Vice President Tom Burt writes that the hackers recently spied on a wide range of U.S. targets, including disease researchers, law firms and defense contractors.

A spokesman for the Chinese embassy in Washington, contacted by email, cited recent comments by Wang Wenbin.

“China has repeatedly reiterated that, given the virtual nature of cyberspace and the fact that there are all kinds of online actors that are difficult to detect, tracing the source of cyber attacks is a complex technical issue,” Wang said.

“We hope that relevant media and companies will take a professional and responsible stance and emphasize the importance of having enough evidence when identifying cyber-related incidents, rather than making baseless accusations.”

There was no immediate indication that the hack led to a significant exploitation of U.S. government networks. But the announcement marks the second time in recent months that the U.S. has scrambled to address a widespread hacking campaign believed to have been the work of foreign spies.

The US is still investigating the damage after suspected Russian hackers broke into a software management company, SolarWinds, and used that access to stage hacks that hit nine federal agencies and about 100 private companies, according to comments in February from White House Deputy National Security Adviser Anne Neuberger.

As the developer behind the most popular operating system in the world, Windows, Microsoft is considered by Western cyber security experts to have extraordinary insight into global hacking campaigns.

The campaign not only gave the hackers access to the victims’ emails and calendar invitations, but also to their entire network, Microsoft said. The hackers used four different ‘zero-day’ exploits, rare digital tools that get their name because software developers are unaware of them and so have had no days to prepare a fix.

ESET, a Slovak cyber security company, said on Twitter that its researchers have seen several hacker groups, not just the one Microsoft mentioned in its announcement, also exploiting the same vulnerabilities in older versions of Exchange.
