US warns of ‘active threat’ over Microsoft attack

TBS Report
06 March, 2021, 06:35 pm
Last modified: 06 March, 2021, 06:38 pm

Hackers used Microsoft's mail server to strike their targets, according to the company

The United States is becoming increasingly concerned about a hack on Microsoft's Exchange email app, which Microsoft has blamed on China.

On Friday, White House press secretary Jen Psaki said, "This is an active threat." "Everyone who runs these servers, whether government, private sector, or academia, needs to fix them right away."

Hackers used Microsoft's mail server to strike their targets, according to the company, reports the BBC.

According to reports, tens of thousands of US businesses may be affected.

Psaki told reporters that the White House is "concerned about the large number of victims" and that the vulnerabilities discovered in Microsoft's servers "may have far-reaching consequences."

In a blog post on Tuesday, Microsoft executive Tom Burt disclosed the breach and announced updates to address security vulnerabilities that he claimed enabled hackers to gain access to Microsoft Exchange servers.

The Microsoft Threat Intelligence Center (MSTIC) attributed the attacks with "strong conviction" to Hafnium, a China-based "state-sponsored threat actor."

The tech giant said Hafnium had tried to steal information from groups such as infectious disease researchers, law firms, higher education institutions and defence contractors.

Reuters news agency, citing a person familiar with the US government response, reported that more than 20,000 organisations had been compromised in the US - and many more worldwide.

Brian Krebs, an industry expert and blogger, put the number higher - citing multiple security sources.

"At least 30,000 organizations across the United States - including a significant number of small businesses, towns, cities and local governments - have over the past few days been hacked by an unusually aggressive Chinese cyber-espionage unit that's focused on stealing email from victim organizations," he wrote in a blog post.

Mr Krebs warned attacks had "dramatically stepped up" since Microsoft's announcement.

News of the breach prompted the US Cybersecurity and Infrastructure Security Agency (Cisa) to release an emergency directive telling agencies and departments to take urgent action.

Jake Sullivan, the White House National Security Adviser, has also urged network owners to download the security patches as soon as possible.

Microsoft has not confirmed the reported figures but said in a further statement on Friday that it was working closely with US government agencies and told customers "the best protection" was "to apply updates as soon as possible across all impacted systems".

This is the eighth time in the past 12 months that Microsoft has publicly accused nation-state groups of targeting institutions critical to civil society.

Microsoft said the attack was in no way related to the SolarWinds attack, which hit US government agencies late last year.

Although Hafnium is based in China, it allegedly conducts its operations primarily from leased virtual private servers in the US, Microsoft said.

China presence

While many US tech firms have had a tumultuous relationship with the Chinese government, Microsoft has maintained a mainland presence since 1992.

Unlike Facebook and Twitter, Microsoft's business-oriented social media platform LinkedIn is still accessible in China.

So, too, is its search engine Bing, although locally-grown Baidu dominates the search market.
