WHAT YOU NEED TO KNOW:
- The US Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency warning to all government agency networks following a Microsoft revelation that China hacked its mail and calendar server ‘Exchange.’
- Beijing’s spokesman Wang Wenbin refuted the hacking claim.
- Microsoft said that the hackers were able to access the entire network of its US targets.
Following Microsoft’s discovery that China was hacking into its mail and calendar server program Exchange, the US has released an emergency warning.
In a blog post, Microsoft said it believed that the hacker group was working for Beijing, with the aim of spying on US targets.
The latest software update made available for Exchange alerted the US Cybersecurity and Infrastructure Security Agency (CISA), which resulted in the unusual issuance of an emergency directive compelling all government networks to update their systems.
As the country’s main defensive cybersecurity agency, CISA rarely exercises its authority to mandate that the US government protect and tighten its cybersecurity. The agency said that the move was needed since the perpetrators were able “to gain persistent system access.” All governmental organizations are compelled to download the latest software update on or before Friday noon.
In another blog post, Microsoft Vice President Tom Burt said that the perpetrators had infiltrated a broad scope of American information, including that of law firms, defense contractors, and disease experts.
Burt also said that they observed no patterns of targeting specific consumers, but noted that the hackers have targeted “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs” in the past.
In response to the news, Chinese spokesman Wang Wenbin issued an email statement, which was shared by the Chinese Embassy in Washington.
“China has reiterated on multiple occasions that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, tracing the source of cyberattacks is a complex technical issue,” Wang said.
“We hope that relevant media and company will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations.”
It was not yet clear whether the cyberattack resulted in the theft of massive amounts of government data. It was the second time that the US had endured massive hacking assaults in recent months. Authorities believed that foreign government spies were behind the attack.
Per Microsoft, the hackers were able to access the entire network of its US targets and not just their emails and calendar invitations.
Hackers were able to get the information of their targets using rare digital tools, including four distinct “zero-day” exploits, which left software developers unaware and with no room to address the penetration.
Meanwhile, Slovakian cybersecurity firm ESET announced on Twitter that it had observed multiple hacker groups, aside from the group identified by Microsoft. ESET said that the groups have exploited older Exchange versions with similar datasets.