The US is expressing growing concern over a hack on Microsoft’s Exchange email software that the tech company has blamed on China.
“This is an active threat,” White House press secretary Jen Psaki said on Friday. “Everyone running these servers – government, private sector, academia – needs to act now to patch them.
Microsoft said hackers had used its mail server to attack their targets. It is reported that tens of thousands of US organisations may be impacted. The US has long accused the Chinese government of cyber-espionage, something Beijing denies.
Ms Psaki told reporters that the White House was “concerned that there are a large number of victims” and said the vulnerabilities found in Microsoft’s servers “could have far-reaching impacts”.
On Saturday, the US National Security Council said it was “essential that any organisation with a vulnerable server take immediate measures” to determine if they had been targeted.
The Microsoft Threat Intelligence Center (MSTIC) attributed the attacks with “high confidence” to a “state-sponsored threat actor” based in China which they named Hafnium.
The tech giant said Hafnium had tried to steal information from groups such as infectious disease researchers, law firms, higher education institutions and defence contractors.
A spokesman for the Chinese government told Reuters news agency that the country was not behind the hack. Beijing has repeatedly rejected US accusations of cyber-crime.
More than 20,000 organisations have been compromised in the US with many more affected worldwide, Reuters reported.
Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted. https://t.co/HYKF2lA7sn
— National Security Council (@WHNSC) March 6, 2021
Brian Krebs, an industry expert and blogger, put the number higher – citing multiple security sources.
“At least 30,000 organizations across the United States – including a significant number of small businesses, towns, cities and local governments – have over the past few days been hacked by an unusually aggressive Chinese cyber-espionage unit that’s focused on stealing email from victim organizations,” he wrote in a blog post.
Mr Krebs warned attacks had “dramatically stepped up” since Microsoft’s announcement.
In other news – Sarah Langa reveals how she made her first million
Sarah Langa has taken to social media to reveal how she got her first million.
Sarah Langa has taken to social media to reveal how she got her first million. Learn more
Source: BBC NEWS
