The United States issued an emergency warning after Microsoft said it discovered China hacking into its mail and calendar server program, called Exchange.
The perpetrator, Microsoft said in a blog post, is a hacking group that the company has “high confidence” works for the Chinese government and primarily spies on US targets. The latest software update for Exchange blocks the hackers, prompting the US Cybersecurity and Infrastructure Security Agency to issue a rare emergency directive that requires all government networks to install it.
CISA, the leading US defensive cybersecurity agency, rarely exercises its authority to require the entire US government to take measures to protect its cybersecurity. The move was necessary, the agency announced, because Exchange hackers can “gain persistent access to the system.” All government agencies have until noon on Friday to download the latest software update.
In a separate blog post, Microsoft Vice President Tom Burt wrote that hackers have recently spied on a wide range of American targets, including disease researchers, law firms, and defense contractors.
Contacted by email, a spokesman for the Chinese embassy in Washington referred to recent comments by spokesman Wang Wenbin.
“China has reiterated multiple times that given the virtual nature of cyberspace and the fact that there are all kinds of online actors that are difficult to trace, tracing the source of cyberattacks is a complex technical issue,” Wang said.
“We expect the relevant media and business to take a professional and responsible attitude and underscore the importance of having sufficient evidence when identifying cyber-related incidents, rather than making baseless allegations.”
There was no immediate indication that the hacking led to significant exploitation of US government computer networks. But the announcement marks the second time in recent months that the United States has rushed to tackle a widespread hacking campaign that is believed to be the work of spies from foreign governments.
The United States is still in the process of assessing the damage after suspected Russian hackers broke into a software management company, SolarWinds, and used that breach to stage attacks that affected nine federal agencies and about 100 private companies, according to comments in February by White House Deputy National Security Advisor Anne Neuberger.
Because Microsoft is the developer behind the world’s most popular operating system, Windows, Western cybersecurity experts consider it to have exceptional insight into global hacking campaigns.
The campaign gave the hackers access not only to victims’ emails and calendar invitations but to their entire network, Microsoft said. The hackers used four different “zero-day” exploits, which are rare digital tools that get their name because software developers don’t know about them, so they have zero days to prepare a solution.
ESET, a Slovak cybersecurity company, said on Twitter that its researchers had seen various hacker groups, not just the one Microsoft named in its announcement, also exploiting some of the same vulnerabilities in earlier versions of Exchange.