“This is an active threat,” White House spokeswoman Jen Psaki said Friday. “Everyone who runs these servers – government, the private sector, academia – must act now to patch them up.”
Later on Friday, the Cybersecurity and Infrastructure Security Agency stressed the risk in unusually clear language, saying in a tweet that the malicious activity, if left unchecked, could “allow the attacker to gain control of the entire corporate network.”
In a rare step, White House officials have called on private sector organizations running on-premises installations of Microsoft Exchange server software to install several critical updates that were published in what information security experts described as an emergency patch release.
Pentagon spokesman John Kirby told reporters Friday that the Department of Defense is currently working to determine if it has been negatively affected by the vulnerability.
“We are aware of this and we are evaluating it,” Kirby said. “And that’s really as far as I can get right now.”
But the malicious activity uncovered this week has nothing to do with the SolarWinds hack, Microsoft said Tuesday.
Microsoft typically releases software updates on the second Tuesday of each month. But in a sign of the seriousness of the threat, Microsoft published fixes addressing the new vulnerabilities – which had never been discovered before – a week early.
“We call on network operators to take it very seriously,” Psaki said of the directive. The administration is concerned that there are “a large number of victims,” she added.
A person who works at a Washington think tank told CNN that both her work and personal email accounts had been affected by the attackers. Microsoft warned her that a foreign government was behind it. AOL sent a similar notification to the personal account.
The person was then visited by FBI agents who appeared on her doorstep, reiterating that this was indeed an ongoing, sophisticated hack by a foreign government and that a nationwide FBI investigation was currently underway.
The attackers used their unauthorized access to email the person’s contacts, “tailoring [the messages] in a way that the recipient will not doubt that I am the sender.” Fraudulent emails that the attackers sent in the person’s name include invitations to non-existent conferences and refer to an article in her name and a book in the name of a colleague written by them.
Every message, the person said, comes with links asking people to click on them.
The US government’s unusually public response to the incident came as a surprise to many experts, reflecting both the Biden administration’s focus on cyber programs compared to the Trump White House and the scale of the threat.
CNN’s Michael Conte and Oren Liebermann contributed to this report.