UPDATED 22:09 EST / MARCH 08 2021

SECURITY

Microsoft Exchange hack, larger than originally believed, prompts emergency task force

A campaign by Chinese hackers that targeted Microsoft Corp.’s Exchange Server, an attack Microsoft warned about earlier this month, is larger than originally believed and has prompted the establishment of an emergency task force.

The vulnerabilities are being exploited by a group dubbed Hafnium, which is described as being “highly skilled and sophisticated.” The group apparently was attempting to steal information from U.S. targets, including universities, defense contractors, law firms and infectious-disease researchers.

Although Microsoft has released a patch for the vulnerabilities, the concern is that many users have yet to install the updates.

The size of the attack is why it’s back in the news, with an estimated 30,000 U.S. organizations believed to have been hacked by Hafnium. The Biden administration has launched a task force to investigate whether China orchestrated the attack.

The new multi-agency task force, called the “Unified Coordination Group,” will include agents from the U.S. Federal Bureau of Investigation and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. “We’re now working with our partners and looking closely at the next steps we need to take. This is an active threat still developing and we urge network operators to take it very seriously,” an official told CNN.

“Given the widespread use of Microsoft Exchange, the number of organizations affected is likely to be larger,” Oliver Tavakoli, chief technology officer at AI-driven cybersecurity firm Vectra AI Inc., told SiliconANGLE. “But the SolarWinds Orion platform was present in exceedingly high-profile organizations including agencies of the US government and cybersecurity vendors.”

The extent of the cleanup for this Exchange hack is quite likely even larger since it affects many more organizations, Tavakoli added. “But the length of time attackers had to burrow into organizations with the SolarWinds hack means that they had much more opportunity to hide in places from which it may prove very difficult to root them out. This is similar to the SolarWinds supply chain hack in that it affects a very broad set of organizations and will be messy to clean up.”
