A hack of Microsoft’s email server is not just another data breach. It was apparently caused by China-based hackers and is being monitored by the White House even as it spreads to Europe.
“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities,” National Security Advisor Jake Sullivan tweeted, according to Reuters.
In a blog post on Tuesday, Microsoft reported that a threat actor exploited three vulnerabilities to “access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.”
Microsoft Threat Intelligence Center attributed this attack to “HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.”
The company has addressed the issue and published fixes for the vulnerabilities, but warns: “We strongly urge customers to update on-premises systems immediately.”
It adds: “Exchange Online is not affected.”
It was not known at deadline how many email addresses were affected.
Sullivan urged network owners to “patch ASAP.”
Meanwhile, White House press secretary Jen Psaki said: “This is a significant vulnerability that could have far reaching impacts. We’re concerned that there’re a large number of victims.”
Overseas, Norwegian authorities reported seeing some limited use of the hacking tools, and Czech institutions have also been affected, Reuters reports.
Reuters notes that Microsoft was also breached during the SolarWinds attack, and that the hackers accessed and downloaded “source code — including elements of Exchange, the company’s email and calendaring product.”