
The White House warns of an “active threat” from hackers in Microsoft emails

“This is an active threat,” White House spokeswoman Jen Psaki said Friday. “Everyone who runs these servers – government, the private sector, academia – must act now to patch them up.”

Psaki’s warnings followed a statement from National Security Adviser Jake Sullivan on Thursday night, stressing how concerned the Biden administration is. He called on IT administrators across the country to install software patches immediately. Sullivan said the U.S. government is monitoring reports that U.S. think tanks may have been compromised by the attack, as well as “defense industrial bases.”

Later on Friday, the Cybersecurity and Infrastructure Security Agency stressed the risk in unusually clear language, saying in a tweet that the malicious activity, if not stopped, could “allow the attacker to gain control of the entire corporate network.”


In a rare step, White House officials have called on private sector organizations running on-premises installations of Microsoft Exchange server software to install several critical updates that were published in what information security experts described as an emergency patch release.

Cybersecurity firm FireEye said Thursday it has already identified a number of specific victims, including “US-based retailers, local authorities, a university and an engineering firm.”

Pentagon spokesman John Kirby told reporters Friday that the Department of Defense is currently working to determine if it has been negatively affected by the vulnerability.

“We are aware of this and we are evaluating it,” Kirby said. “And that’s really as far as I can get right now.”

Microsoft revealed this week that it has learned about several vulnerabilities in its server software that are being exploited by suspected Chinese hackers. In the past, Microsoft said, the responsible hacking group – which Microsoft calls Hafnium – has gone after “infectious disease researchers, law firms, universities, defense contractors, think tanks and NGOs.” The group has not previously been identified to the public, according to Microsoft.

The announcement marks the latest information security crisis to hit the United States after FireEye, Microsoft and others announced an alleged Russian hacking campaign that began with the intrusion of IT software company SolarWinds. These efforts have led to the compromise of at least nine federal agencies and dozens of private companies.

But the malicious activity uncovered this week is unrelated to the SolarWinds hack, Microsoft said Tuesday.

Microsoft typically releases software updates on the second Tuesday of each month. But as a sign of the seriousness of the threat, Microsoft published fixes addressing the new vulnerabilities – which had never been discovered before – a week early.

The Department of Homeland Security also issued an urgent directive Tuesday, requiring federal agencies to either update their servers or shut them down. This is only the sixth such directive since the creation of CISA in 2015 and the second in three months.

“We call on network operators to take it very seriously,” Psaki said of the directive. The administration is concerned that there are “a large number of victims,” she added.

Once the Hafnium attackers compromise an organization, Microsoft said, they are known to download data such as address books and to gain access to the organization’s user account database.

A person working for a Washington think tank told CNN that both her work and personal email accounts have been affected by the attackers. Microsoft warned her that a foreign government was behind it. AOL sent a similar notification to the personal account.

The person was then visited by FBI agents who appeared on her doorstep, reiterating that this was indeed a continuous, sophisticated hacking by a foreign government and that a national FBI investigation was currently underway.

The attackers used their unauthorized access to email the person’s contacts, “tailoring [the messages] in a way that the recipient will not doubt that I am the sender.” Fraudulent emails sent by the attackers in the person’s name included invitations to non-existent conferences and referred to an article in her name and a book in the name of a colleague written by them.

Every message, the person said, comes with links asking people to click on them.

“This is the real deal,” Christopher Krebs, the former director of CISA, tweeted. “If your organization runs an OWA server exposed to the Internet, accept a compromise between 02/26-03/03.”

In its own advisory, CISA called on network security officials to look for evidence of intrusion dating from as early as September 2020.

The US government’s unusually public response to the incident came as a surprise to many experts, reflecting both the Biden administration’s focus on cyber programs compared to the Trump White House and the scale of the threat.

“Is this the first time the National Security Adviser has promoted a particular patch?” John Hultquist, vice president of intelligence at FireEye, wondered aloud.

“When you wake up from [National Security Advisor] and [Press Secretary] tweeting about cyber,” tweeted Bailey Beckley, a spokesman for the National Security Agency, adding star emoticons and quoting Sullivan’s tweet from the night before.

CNN’s Michael Conte and Oren Lieberman contributed to this report.
