New Biden WH task force to investigate China-linked Microsoft hack: CNN

  • On Tuesday, Microsoft said its Exchange product was hacked by a Chinese state-backed entity.
  • At least 30,000 companies and government agencies were affected by the hack, which started in January.
  • The Biden government is creating a task force to investigate the attack, CNN reported.

President Joe Biden’s administration is launching a task force to investigate the recent hack of a popular Microsoft product, allegedly backed by Beijing, CNN reported.

On Tuesday, Microsoft said its Exchange e-mail server was hacked by the “Hafnium” group with the support of the Chinese state. The breach began in early January and was discovered by cybersecurity company Volexity.

Wang Wenbin, a spokesman for the Chinese Foreign Ministry, said on Wednesday that there was insufficient evidence to prove the Chinese state’s involvement.

The number of organizations affected by the hack, which included government agencies and companies, has reached at least 30,000, according to cybersecurity reporter Brian Krebs.

A former US national security officer told WIRED that the hack was “absolutely massive”, adding that “we are talking about thousands of servers compromised per hour, globally”.


A US official told CNN that, as a result of the hack, a new multi-agency task force from the “Unified Coordination Group” will include agents from the FBI and the Cyber Security and Infrastructure Agency (CISA).

“We are now working with our partners and looking closely at the next steps we need to take. This is an active threat still under development and we ask network operators to take it very seriously,” the official told CNN.

Microsoft said Hafnium is a “highly qualified and sophisticated actor” and, in a statement, explained how the attack unfolded.

“First, he would have access to an Exchange Server with stolen passwords or using unknown vulnerabilities to disguise himself as someone who should have access. Second, he would create what is called a web shell to control the compromised server remotely. Third, he would use this remote access – run from private servers based in the United States – to steal data from an organization’s network,” said Microsoft.

Since then, the company has released a security update that fixed issues with Exchange versions from 2013 to 2019 and recommended that users install the updates immediately.

On Friday, Jen Psaki, the White House press secretary, told reporters that the Exchange servers had “significant” weaknesses.

The White House still considers the situation an “active threat”, CNN said.

Jeff Jones, senior director at Microsoft, told The New York Times: “We are working closely with CISA, other government agencies and security companies to ensure that we are providing the best guidance and mitigation possible for our customers.”
