US issues warning after Microsoft says China hacked its mail server program

The United States issued an emergency alert after Microsoft said it caught China hacking its email and calendar server program, called Exchange.

The perpetrator, Microsoft said in a blog post, is a group of hackers that the company has “high confidence” is working for the Chinese government and spying mainly on American targets. The latest Exchange software update blocks the hackers, which led the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, to issue a rare emergency policy that requires all government networks to apply it.

CISA, the United States’ leading cybersecurity defense agency, rarely exercises its authority to demand that the entire United States government take steps to protect its cybersecurity. The move was necessary, the agency said, because Exchange hackers can “get persistent access to the system”. All government agencies have until midday on Friday to download the latest software update.

In a separate blog post, Microsoft vice president Tom Burt wrote that hackers recently spied on a wide range of American targets, including disease researchers, law firms and defense contractors.

Burt added that the company saw no evidence that individual consumers were targeted, but emphasized that the hacker group was already targeting “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.”

Contacted by email, a spokesman for the Chinese Embassy in Washington referred to recent comments by spokesman Wang Wenbin.

“China has repeatedly reiterated that, given the virtual nature of cyberspace and the fact that there are all kinds of online actors that are difficult to track, tracing the origin of cyber attacks is a complex technical issue,” said Wang.

“We expect the media and relevant companies to take a professional and responsible attitude and emphasize the importance of having sufficient evidence when identifying cyber incidents, rather than making baseless accusations.”

There was no immediate indication that the hack had led to significant exploitation of government computer networks. But the announcement marks the second time in recent months that the United States has struggled to deal with a broad hacking campaign believed to be the work of spies from foreign governments.

The United States is still investigating the damage after hackers suspected of being Russian broke into a software management company, SolarWinds, and used the breach to hack nine federal agencies and about 100 private companies, the White House’s national security adviser, Anne Neuberger, said in February.

As the developer behind the world’s most popular operating system, Windows, Microsoft is considered by Western cybersecurity experts to have an exceptional view of global hacker campaigns.

The campaign gave hackers access not only to victims’ emails and calendar invitations, but also to all of their networks, Microsoft said. The hackers used four separate “zero-day” exploits, rare digital tools that get their name because software developers don’t know about the flaws they use, giving the developers zero days to prepare patches.

ESET, a Slovak cybersecurity company, said on Twitter that its researchers saw several groups of hackers, not just the one that Microsoft cited in its announcement, that were also exploiting some of the same vulnerabilities in older versions of Exchange.
