
A hack of Microsoft’s email server is not just another data breach. It was apparently caused by China-based hackers and is being monitored by the White House even as it spreads to Europe.

“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities,” National Security Advisor Jake Sullivan tweeted, according to Reuters.

In a blog post on Tuesday, Microsoft reported that a threat actor exploited three vulnerabilities to “access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.”

Microsoft Threat Intelligence Center attributed this attack to “HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.”

The company has addressed the issue and published fixes for the vulnerabilities, but warns: “We strongly urge customers to update on-premises systems immediately.”

It adds: “Exchange Online is not affected.”

It was not known at deadline how many email addresses were affected.

Sullivan urged network owners to “patch ASAP.”

Meanwhile, White House press secretary Jen Psaki said: “This is a significant vulnerability that could have far reaching impacts. We’re concerned that there’re a large number of victims.”

Overseas, Norwegian authorities reported seeing some limited use of the hacking tools, and Czech institutions have also been affected, Reuters reports.

Reuters notes that Microsoft was also breached during the SolarWinds attack, and that the attackers accessed and downloaded “source code — including elements of Exchange, the company’s email and calendaring product.”