
The White House warns of ‘active threat’ from Microsoft email hackers

“This is an active threat,” White House Press Secretary Jen Psaki said Friday. “Everyone running these servers – the government, the private sector, academia – must act now to patch them.”

Psaki’s warnings followed a tweet by National Security Adviser Jake Sullivan on Thursday night, stressing how concerned the Biden administration is. He urged IT administrators nationwide to install the software patches immediately. Sullivan said the U.S. government is monitoring reports that U.S. think tanks may have been compromised by the attack, as well as “defense industry base units.”

Later on Friday, the Cybersecurity and Infrastructure Security Agency stressed the risk in unusually direct language and said in a tweet that the malicious activity, if left unchecked, could “enable a hacker to gain control of an entire corporate network.”

In a rare move, White House officials have urged private-sector organizations running on-premises installations of Microsoft Exchange server software to install the critical updates that were released in what information security experts described as an emergency patch.

Cybersecurity firm FireEye said Thursday that it had already identified a number of specific victims, including “U.S.-based retailers, local governments, a university and an engineering firm.”

Pentagon Press Secretary John Kirby told reporters on Friday that the Department of Defense is currently working to determine if it has been adversely affected by the vulnerability.

“We are aware of it and we are assessing it,” Kirby said. “And that’s really as far as I’m able to go right now.”

Microsoft revealed this week that it had become aware of several vulnerabilities in its server software being exploited by suspected Chinese hackers. Earlier, Microsoft said that the responsible hacker group – which Microsoft calls Hafnium – has gone after “infectious disease researchers, law firms, higher education institutions, defense contractors, political think tanks and NGOs.” That group had not previously been identified to the public, according to Microsoft.

The announcement marked the latest information security crisis affecting the United States, after FireEye, Microsoft and others reported on a suspected Russian hacking campaign that started by infiltrating the IT software company SolarWinds. That effort led to the compromise of at least nine federal agencies and dozens of private companies.

But the malicious activity revealed this week is in no way related to the SolarWinds hack, Microsoft said Tuesday.

Microsoft typically releases software updates on the second Tuesday of each month. But in a sign of the seriousness of the threat, Microsoft released patches addressing the new, previously unknown vulnerabilities a week early.

‘We urge network operators to take it very seriously’

The Department of Homeland Security also released an emergency directive on Tuesday requiring federal agencies to either update their servers or shut them down. It is only the sixth such directive since 2015 and the second in three months.

“We urge network operators to take it very seriously,” Psaki said of the directive. The administration is concerned there is a “large number of victims,” she added.

When the Hafnium attackers compromise an organization, Microsoft said, they have been known to download data such as address books and to access its user account database.

A person working in a think tank in Washington told CNN that both her work and personal email accounts were hit by the attackers. Microsoft sent her a warning that a foreign government was behind it. AOL sent a similar notification about the personal account.


The person was then visited by FBI agents, who showed up at her front door and reiterated that this was in fact an ongoing, sophisticated hack by a foreign government and that a nationwide FBI investigation is underway.

The attackers had used their unauthorized access to email the person’s contacts, with messages “tailored in a way that the recipient will not doubt that I am the sender,” she said. The attackers’ fraudulent emails, sent in the person’s name, contained invitations to non-existent conferences, referring to an article in her name and a book in a colleague’s name, none of which were written by them.

Every message, the person said, came with links asking people to click on them.

“This is the real deal,” tweeted Christopher Krebs, the former CISA director. “If your organization runs an OWA server that is exposed to the Internet, assume compromise between 02/26-03/03.”

In its own advisory, CISA urged network security officials to start looking for evidence of intrusion as far back as September 2020.

The U.S. government’s unusual public response to the incident came as a surprise to many experts, a reflection of both the Biden administration’s focus on cyber issues compared to Trump’s White House as well as the scale of the threat.

“Is this the first time the National Security Adviser has promoted a specific patch?” John Hultquist, vice president of FireEye’s Mandiant Threat Intelligence arm, wondered aloud.

“When you wake up to [National Security Advisor] and [Press Secretary] tweets about cyber,” tweeted Bailey Bickley, a top spokesperson for the National Security Agency, who added a “starstruck” emoji and quoted Sullivan’s tweet from the night before.

CNN’s Michael Conte and Oren Liebermann contributed to this report.
