US issues warning after Microsoft says China hacked its mail server program

The United States issued an emergency alert after Microsoft said it caught China hacking its email and calendar server program, called Exchange.

The perpetrator, Microsoft said in a blog post, is a group of hackers that the company has “high confidence” is working for the Chinese government and mainly spies on American targets. The latest Exchange software update blocks the hackers, prompting the United States’ Cybersecurity and Infrastructure Security Agency (CISA) to issue a rare emergency policy that requires all government networks to install it.

CISA, the United States’ leading defensive cybersecurity agency, rarely exercises its authority to demand that the entire United States government take protective measures. The move was necessary, the agency announced, because hackers exploiting Exchange can “get persistent access to the system.” All government agencies have until midday on Friday to download the latest software update.

In a separate blog post, Microsoft vice president Tom Burt wrote that hackers recently spied on a wide range of American targets, including disease researchers, law firms and defense contractors.

Contacted by email, a spokesman for the Chinese embassy in Washington referred to recent comments by spokesman Wang Wenbin.

“China has repeatedly reiterated that, given the virtual nature of cyberspace and the fact that there are all kinds of online actors that are difficult to track, tracing the origin of cyber attacks is a complex technical issue,” said Wang.

“We expect the relevant media and company to adopt a professional and responsible attitude and emphasize the importance of having sufficient evidence when identifying cyber incidents, rather than making unfounded accusations.”

There was no immediate indication that the hack led to significant exploitation of the United States government’s computer networks. But the announcement marks the second time in recent months that the United States has moved to address a broad hacking campaign considered to be the work of foreign government spies.

The United States is still investigating the damage after suspected Russian hackers breached a software management company, SolarWinds, and used that breach to stage hacks that hit nine federal agencies and about 100 private companies, according to comments in February by Anne Neuberger, the White House deputy national security advisor.

As the developer behind the world’s most popular operating system, Windows, Microsoft is considered by Western cybersecurity experts to have an exceptional view of global hacker campaigns.

The campaign gave hackers access not only to victims’ emails and calendar invitations but to their entire network, Microsoft said. The hackers used four distinct “zero-day” exploits, rare digital tools that get their name because software developers are unaware of the flaws they target, giving the developers no days to prepare a fix.

ESET, a Slovak cybersecurity company, said on Twitter that its researchers saw several groups of hackers, not just the one that Microsoft cited in its announcement, exploiting some of the same vulnerabilities in older versions of Exchange.
