The US military is reviewing its networks following a hacking spree linked to a vulnerability that gave backdoor access to tens of thousands of Microsoft Exchange servers, in a massive attack the company has blamed on China.
“We are aware of the Microsoft threat intelligence center’s report. We are currently assessing our networks right now for any evidence of impact,” Pentagon press secretary John Kirby told reporters at a Friday presser. “We’re also taking all necessary steps to identify and remedy any possible issues related to the situation.”
Joint Force headquarters… is coordinating with the National Security Agency and the Cybersecurity and Infrastructure Security Agency on guidance and directives to make sure we can protect DoD networks and IT systems.
Microsoft announced the massive cyber breach on its Exchange email platform earlier this week, noting a vulnerability in its servers had given “long-term access” to hackers while attributing the attack to a group named Hafnium – an allegedly “state-sponsored” outfit operating out of China – with “high confidence.” While the company has since released patches to plug the vulnerability, White House press secretary Jen Psaki warned on Friday that future attacks remain an “active threat.”
“This is a significant vulnerability that could have far-reaching impacts. First and foremost, this is an active threat,” Psaki said at a daily press briefing. “We are concerned there are a large number of victims and we are working with our partners to understand the scope of this.”
US National Security Advisor Jake Sullivan meanwhile warned in a tweet of “potential compromises” not only for American think tanks and other organizations, but for “defense industrial base entities,” though he declined to offer details.
We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP: https://t.co/Q2K4DYWQud
— Jake Sullivan (@JakeSullivan46) March 5, 2021
Cybersecurity analyst Brian Krebs estimated the breach affected up to 30,000 organizations across the US, including “a significant number of small businesses, towns, cities and local governments.” He also said the black-hat group may have infiltrated “hundreds of thousands” of Exchange servers worldwide, citing two anonymous hacking experts who briefed US national security officials on the attack. A Thursday blog post by FireEye, meanwhile, said “US-based retailers, local governments, a university, and an engineering firm” were also swept up in the hack.
The breach appears to have impacted entities well beyond the US, with a Czech government cybersecurity agency stating this week that it is helping affected organizations in the country to secure their networks, while FireEye suggested “a Southeast Asian government and Central Asian telecom” were hit as well.