The U.S. has issued an emergency warning after Microsoft said it caught China hacking into its mail and calendar server program, called Exchange.
The perpetrator, Microsoft said in a blog post, is a hacker group that the company has “high confidence” is working for the Chinese government and primarily spies on American targets. The latest software update for Exchange blocks the hackers, prompting the U.S. Cybersecurity and Infrastructure Security Agency to issue a rare emergency directive that requires all government networks do so.
CISA, the U.S.’s primary defensive cybersecurity agency, rarely exercises its authority to demand the entire U.S. government take protective steps to protect its cybersecurity. The move was necessary, the agency announced, because the Exchange hackers are able “to gain persistent system access.” All government agencies have until noon Friday to download the latest software update.
In a separate blog post, Microsoft Vice President Tom Burt wrote that the hackers have recently spied on a wide range of American targets, including disease researchers, law firms and defense contractors.
Contacted by email, a spokesperson for the Chinese embassy in Washington referred to recent comments by spokesperson Wang Wenbin.
“China has reiterated on multiple occasions that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, tracing the source of cyber attacks is a complex technical issue,” Wang said.
“We hope that relevant media and company will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations.”
There was no immediate indication that the hack led to significant exploitation of U.S. government computer networks. But the announcement marks the second instance in recent months that the U.S. scrambled to address a widespread hacking campaign believed be the work of foreign government spies.
The U.S. is still in the process of sussing out the damage after suspected Russian hackers broke into a software management company, SolarWinds, and used that breach to stage hacks that hit nine federal agencies and about 100 private companies, according to comments from White House Deputy National Security Advisor Anne Neuberger in February.
As the developer behind the most popular operating system in the world, Windows, Microsoft is regarded by Western cybersecurity experts as having exceptional insight into global hacking campaigns.
The campaign not only gave the hackers access to the victims’ emails and calendar invitations but to their entire network, Microsoft said. The hackers used four distinct “zero-day” exploits, which are rare digital tools that get their name because software developers are unaware of them, giving them no days to prepare a fix.
ESET, a Slovakian cybersecurity company, said on Twitter that its researchers had seen multiple hacker groups, not just the one Microsoft named in its announcement, also exploiting some of the same vulnerabilities in older versions of Exchange.