US President Joe Biden will establish a task force to investigate the attack on the Microsoft Exchange email system.
The major hack, of which details are still coming to light, may have compromised email accounts for up to 250,000 organisations around the world.
The attack leveraged a previously unknown zero-day flaw in Microsoft’s email software, along with some stolen passwords, to steal data from the targeted networks. The company has also warned that other attackers are looking to exploit the same vulnerabilities.
At present, the exact scale of the attack is unknown, with at least 30,000 US organisations affected. This number may even be as high as 60,000. Microsoft is blaming China-based hacking group Hafnium for the attack.
The latest move by Biden demonstrates how the attack, which Microsoft initially downplayed as “limited,” is beginning to evolve into a major global cybersecurity crisis.
“This is a significant vulnerability that could have far-reaching impacts,” said White House Press Secretary Jen Psaki. “First and foremost, this is an active threat. And as the National Security Advisor tweeted last night, everyone running these servers — government, private sector, academia — needs to act now to patch them.”
The Unified Coordination Group will include multiple US agencies, including the FBI. They will aim to uncover the extent of the breach and how to patch vulnerabilities.
Currently, there are fears that the perpetrators had access to the Microsoft Exchange systems for months, given them ample time to steal information.
Amongst the targets is the European Banking Authority, which has said its email servers have been compromised in the attack. It has claimed that no personal data was stolen. An attack on the group could potentially access sensitive data about European banks.
- Who hacks the hackers? Dark web cybercrime forums taken down
- Working from home set to stay for public sector employees
- Scottish Apprenticeship Week | Old and new skills in cybersecurity
A New York Times report has claimed that the US is preparing a series of retaliatory strikes against Russia, to be delivered in coming weeks. This was in response to the SolarWinds attack, which allowed hackers to compromise systems used by, among others, the US State Department and parts of the Pentagon.
With the US having been subject to two major cybersecurity events in recent months, pressure is ramping up on the US government to develop its defences.
Furthermore, the China-backed Microsoft hack coming right as the US is preparing to strike Russia for the SolarWinds breach illustrates the escalating cybersecurity situation the country faces.
Microsoft was slow to react to the vulnerabilities – the company was aware of the vulnerabilities in January, but took two months to issue patches and acknowledge the threat, without mentioning the scale of the attack.
Researchers have warned that the attack may have started as early as late 2020, with attacks on some large targets, before escalating.
The UK’s National Cyber Security Centre (NCSC) has advised companies to ensure that they have installed all necessary updates to their Microsoft Exchange systems immediately.