“This is an active threat,” White House press secretary Jen Psaki said on Friday. “Everyone who manages these servers – government, private sector, academia – needs to act now to correct them.”
Later on Friday, the Cybersecurity and Infrastructure Security Agency highlighted the risk in unusually simple language, stating in a tweet that malicious activity, if left unchecked, could “allow an attacker to gain control of an entire corporate network.”
In a rare step, White House officials urged private sector organizations that run localized installations of Microsoft Exchange server software to install several critical updates that were released in what information security experts described as an emergency patch release.
Pentagon press secretary John Kirby told reporters on Friday that the Department of Defense is working to determine whether it has been negatively affected by the vulnerability.
“We are aware of this and assessing it,” said Kirby. “And that is really as far as I am able to go now.”
But the malicious activity disclosed this week is in no way related to the SolarWinds hack, Microsoft said on Tuesday.
Microsoft typically releases software updates on the second Tuesday of each month. But in a sign of the seriousness of the threat, Microsoft published patches that address the new vulnerabilities – which had never been detected until now – a week early.
‘We urge network operators to take this very seriously’
“We ask network operators to take this very seriously,” said Psaki of the directive. The government is concerned about “a large number of victims,” she added.
A person working in a Washington think tank told CNN that both his work and his personal email accounts were hit by the attackers. Microsoft sent the person a warning that a foreign government was behind this. AOL sent a similar notification to the personal account.
The person was then visited by FBI agents who appeared at his door, repeating that it was a continuous and sophisticated hack by a foreign government and that a national FBI investigation is underway.
The attackers used their unauthorized access to send emails to the person’s contacts, “sewing [the messages] so that the recipient does not doubt that I am the sender.” The attackers’ fraudulent emails sent on behalf of the person included invitations to non-existent conferences and referred to an article in their name and a book on behalf of a colleague, none of which was written by them.
Each message, the person said, came with links asking people to click on them.
The U.S. government’s extraordinarily public response to the incident came as a surprise to many experts, a reflection of the Biden administration’s focus on cyber issues compared to the Trump White House, as well as the scale of the threat.
Michael Conte and Oren Liebermann of CNN contributed to this report.