President Biden assembles task force to tackle major Microsoft hack

Written by Sam Trendall on 10 March 2021 in News

Vendor’s Exchange Server has been hit with reported China-sponsored attack


US president Joe Biden has formed a task force to monitor and combat a major cyberattack on Microsoft’s Exchange Server software.

The vendor first revealed earlier this month that it had detected what it claimed was an assault backed by the Chinese government that “has engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software”.

The attack, which Microsoft named Hafnium, “primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs”, according to a blog from Microsoft corporate vice president Tom Burt.

The number of organisations that may have been affected by the hack is not clear, although it is widely reported to be tens of thousands; the Wall Street Journal cited a source who claimed the figure could be as high as 250,000.

In light of this, the president is creating a team to keep tabs on the matter and support work to combat the attack and assist in recovery.



In a recent briefing, White House press secretary Jen Psaki said: “This is a significant vulnerability that could have far-reaching impacts. First and foremost, this is an active threat. And… everyone running these servers — government, private sector, academia — needs to act now to patch them. We are concerned that there are a large number of victims and are working with our partners to understand the scope of this.”

She added: “Network owners also need to consider whether they have already been compromised and should immediately take appropriate steps. The Cybersecurity and Infrastructure Security Agency issued an emergency directive to agencies, and we’re now looking closely at the next steps we need to take… We urge network operators to take it very seriously.”

In the last week, Microsoft has released a number of updates and security patches – including for Exchange Server products that were previously no longer supported by the vendor.

Organisations are advised to upgrade to the latest version of all programs as soon as practicable – but are also warned that this will not expel attackers who have already breached their network.

“[We] strongly recommend investigating your Exchange deployments using [our] hunting recommendations… to ensure that they have not been compromised,” said an update from the vendor’s online security centre. “We recommend initiating an investigation in parallel with or after applying one of the [suggested] mitigation strategies.”

The blog from Burt claimed that, although the attack stemmed from China, it was launched “primarily from leased virtual private servers in the United States”.

“The attacks included three steps,” he added. “First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the US-based private servers – to steal data from an organisation’s network.”

 

About the author

Sam Trendall is editor of PublicTechnology
