UPDATED 22:09 EDT / MARCH 08 2021

SECURITY

Microsoft Exchange hack, larger than originally believed, prompts emergency task force

A campaign by Chinese hackers that targeted Microsoft Corp.’s Exchange Server, an attack Microsoft warned about earlier this month, is larger than originally believed and has prompted the establishment of an emergency task force.

The vulnerabilities are being exploited by a group dubbed Hafnium, which is described as being “highly skilled and sophisticated.” The group apparently was attempting to steal information from U.S. targets, including universities, defense contractors, law firms and infectious-disease researchers.

Although Microsoft has released a patch for the vulnerabilities, the concern is that many users have yet to install the updates.

The size of the attack is why it’s back in the news, with an estimated 30,000 U.S. organizations believed to have been hacked by Hafnium. The Biden administration has launched a task force to investigate whether China orchestrated the attack.

The task force, a new multi-agency “Unified Coordination Group,” will include agents from the U.S. Federal Bureau of Investigation and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. “We’re now working with our partners and looking closely at the next steps we need to take. This is an active threat still developing and we urge network operators to take it very seriously,” an official told CNN.

“Given the widespread use of Microsoft Exchange, the number of organizations affected is likely to be larger,” Oliver Tavakoli, chief technology officer at AI-driven cybersecurity firm Vectra AI Inc., told SiliconANGLE. “But the SolarWinds Orion platform was present in exceedingly high-profile organizations including agencies of the US government and cybersecurity vendors.”

The extent of the cleanup for this Exchange hack is quite likely even larger since it affects many more organizations, Tavakoli added. “But the length of time attackers had to burrow into organizations with the SolarWinds hack means that they had much more opportunity to hide in places from which it may prove very difficult to root them out. This is similar to the SolarWinds supply chain hack in that it affects a very broad set of organizations and will be messy to clean up.”
