The Biden government is launching an emergency task force to deal with an aggressive cyber attack that has affected hundreds of thousands of Microsoft customers worldwide – the second major hacking campaign to hit the United States since the election.
The attack, first reported by security researcher Brian Krebs on March 5, allowed hackers to access email accounts of at least 30,000 organizations in the United States.
These support channels for remote access can affect credit unions, city governments and small businesses, and have left US officials struggling to reach victims, with the FBI on Sunday urging them to contact the law enforcement agency.
The “unusually aggressive” attack has infiltrated accounts using tools that give attackers “complete remote control over the affected systems,” cyber security experts briefed on the matter told Krebs.
On Saturday, the Cyber Security and Infrastructure Agency (Cisa) encouraged all organizations that use Microsoft Exchange to scan devices for vulnerabilities. The breach represents “a significant vulnerability that could have far-reaching impacts,” White House press secretary Jen Psaki told a news conference on Friday.
“First of all, this is an active threat,” she said. “We are concerned about the large number of victims and we are working with our partners to understand the scope of this.”
The latest hack comes in the wake of SolarWinds, a separate series of sophisticated attacks attributed to Russia that breached about 100 American companies and nine federal agencies.
Microsoft said it saw “no evidence that the actor behind SolarWinds discovered or exploited any vulnerabilities in Microsoft products and services.”
The researchers say the recent hack started as a controlled attack on some large targets starting in late 2020 and was detected in early January as it developed into a broader campaign. Additional attacks are expected from other hackers as the code used to take control of the email servers spreads.
The Biden government launched a multi-agency effort initiated by the national security council, which includes the FBI, Cisa and others, the US official said, to determine who was hacked, what was done and how to quickly fix the vulnerabilities.
Microsoft released the patches for the attack on Tuesday, but fixing the problem will be more complicated, as these patches do not undo the damage already done, said Oliver Tavakoli, chief technology officer for the California-based security company Vectra.
“Fixing your Exchange servers will prevent an attack if the Exchange server has not yet been compromised,” said Tavakoli. “But that will not undo the base that attackers have on an already compromised Exchange server.”
The European Banking Authority, the European Union’s banking regulator, which collects and stores confidential data about banks and their loans, confirmed on Monday that it was affected. It said it believed the cyber attack hit only its e-mail servers and that no data was obtained. Psaki declined to say at this weekend’s press conference whether any major US government agencies were affected by the breach, and other targets have yet to be identified.
A person working on the U.S. response told Reuters the attack was attributed to an actor supported by the Chinese government. Microsoft also attributed the attack to China. A Chinese government spokesman said the country was not behind the intrusions, according to Reuters.
“We continue to see no evidence that the actor behind SolarWinds discovered or exploited any vulnerabilities in Microsoft products and services,” Microsoft said.
A Microsoft spokesman said in a statement that the company is working closely with Cisa, other government agencies and security companies to respond to the hack.
“The best protection is to apply updates as quickly as possible to all affected systems. We continue to assist customers by providing additional investigation and mitigation guidance,” he said. “Affected customers should contact our support teams for additional help and resources.”
The latest Microsoft hack, which a former national security official briefed on the matter called “absolutely massive” in an interview with Wired, may turn out to be bigger than the historically large SolarWinds attack that spawned a Congressional hearing this month.
At the hearing, technology executives, including Microsoft President Brad Smith, said hacks like these were difficult to resolve, as many organizations did not publicly announce the breaches until long after they were discovered.
In the meantime, dealing with this hack so close to the recent SolarWinds attacks will be difficult for US agencies, said Tavakoli.
“This hack will compete for the same investigative and remedial resources, so having two such broad attacks occurring at almost the same time puts exorbitant pressure on the resources,” he said.
Reuters contributed to this report