The White House has urged computer network operators to take further steps to determine whether their systems were affected by a hack of Microsoft Corp.’s Outlook email program. A recently released software patch still left serious security holes.
“This is an active threat that is still developing and we urge network operators to take it very seriously,” a White House official said Sunday, adding that senior US security officials were working to decide what next steps should be taken after the breach.
The US television broadcaster CNN reported separately on Sunday that the Biden administration had set up a task force to combat the hack. The White House official said in a statement that the government had mounted “an entire government response.”
While Microsoft released a patch last week to fix bugs in its email software, the fix still leaves a so-called back door open that allows access to compromised servers and enables further attacks by others.
“We cannot stress enough that patching and downgrading is not a fix if the servers have already been compromised, and it is important that any organization with a vulnerable server take action to see if they have already been targeted,” said the White House official.
An unidentified source told Reuters news agency that more than 20,000 US organizations had been compromised by the hack, which Microsoft blamed on China.
When asked about Microsoft’s attribution of the attack to China, a spokesman for the Chinese Foreign Ministry said on Wednesday that the country “firmly opposes and combats cyberattacks and cyber theft in all forms” and that blaming a particular nation is a “highly sensitive political problem.”
The Bloomberg news agency reported, citing a former high-ranking US official who was aware of the investigation, that the attack had claimed 60,000 known victims worldwide.
The back doors for remote access can affect credit unions, city governments, and small businesses, and have led US officials to reach out to victims. The FBI asked them on Sunday to contact law enforcement.
The European Banking Authority has become one of the latest victims, as access to personal information through emails on its Microsoft server may have been compromised.
Others identified so far include banks and electricity companies, as well as retirement homes and an ice cream parlor, according to a blog post on Friday by Huntress, a US-based company that monitors the security of customers.
Those affected appear to be hosting web versions of Microsoft’s Outlook email program on their own computers instead of relying on cloud providers, potentially sparing many large corporations and federal agencies, research records show.
A Microsoft representative said Sunday that the company was working with the government and others to guide customers, and it urged affected customers to apply software updates as soon as possible.
Neither the company nor the White House determined the extent of the hack. Microsoft initially said it was limited, but the White House last week expressed concern about the potential for “large numbers of casualties”.
So far, only a small percentage of the infected networks have been compromised through the back door, the source previously told Reuters, but further attacks are expected.
The hacking group Microsoft calls Hafnium appears to have been breaking into private and government computer networks via the company’s popular Exchange email software for a few months, initially attacking only a small number of victims, according to Steven Adair, head of US-based Volexity. The cybersecurity firm helped Microsoft identify the bugs used by the hackers, for which the software giant released a fix on Tuesday.
The result is a second cybersecurity crisis, coming just months after alleged Russian hackers breached nine federal agencies and at least 100 companies through manipulated updates from IT management software maker SolarWinds LLC.
Both the recent incident and the SolarWinds attack demonstrate the fragility of modern networks and the sophistication of government-sponsored hackers in identifying hard-to-find vulnerabilities or even creating them for espionage purposes. They also involve complex cyberattacks with an initial blast radius covering a large number of computers, which then narrows as the attackers focus their efforts. The resolution can take weeks or months for affected organizations.
In the case of the Microsoft bugs, simply applying company-provided updates will not remove the attacker from a network. A review of the affected systems is needed, said Charles Carmakal, senior vice president at FireEye Inc, a US-based cybersecurity company. The White House stressed the same, including in tweets from the National Security Council urging the growing list of victims to carefully search their computers for any signs of the attackers.
Initially, the hackers appeared to be focused on high-value intelligence targets in the United States, Adair said. Everything changed about a week ago. Other unidentified hacking groups began hacking thousands of victims within a short period of time and injecting hidden software that could later give them access, he said.
Adair said other hacking groups may have found the same flaws and started their own attacks – or that China may want to capture as many victims as possible and then find out what information had intelligence value.
Either way, the attacks were so successful – and so fast – that the hackers apparently found a way to automate the process. “If you run an Exchange server, you are most likely a victim,” he said.
Data from other security companies suggests the scope of the attacks might not be all that bad. Huntress researchers examined around 3,000 vulnerable servers on their partners’ networks and found around 350 infections – or just over 10 percent.