Here’s what we know so far about the massive Microsoft Exchange hack

Mar 10, 2021, 5:34 AM
KONSKIE, POLAND - JUNE 17, 2018: Signing in for a Microsoft account on a new modern smartphone

(CNN) — Many security experts remain alarmed about the large, Chinese-linked hack of Microsoft’s Exchange email service a week after the attack was first reported.

The breach is believed to have targeted hundreds of thousands of Exchange users around the world. Microsoft said four vulnerabilities in its software allowed hackers to access servers for the popular email and calendar service, and the company urged customers to immediately update their on-premises systems with software fixes.

Even the White House quickly got involved, and now multiple US government agencies also are investigating the attack.

Since the hack was reported last Tuesday, “a large number” of additional threat actors “have been rushing to exploit these vulnerabilities” in Exchange servers that have not yet been updated, cybersecurity software firm Symantec said Monday, adding another layer of urgency to the situation and potentially leading to more victims.

“This is the real deal,” Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), tweeted last week, encouraging Exchange server users to quickly respond to the issue.

Here’s what is known about the hack so far:

Who is behind it?

Microsoft attributed the attack to a network of hackers it calls Hafnium, a group the company “assessed to be state sponsored and operating out of China.” The “state-sponsored” actor was identified by the Microsoft Threat Intelligence Center based on observed “tactics and procedures,” according to the company.

Though Hafnium is believed to be based in China, it usually strikes using virtual private servers based in the United States, Microsoft said. The company referred to the group as “a highly skilled and sophisticated actor.”

A spokesperson for China’s Ministry of Foreign Affairs said that the country “firmly opposes and fights all forms of cyber-attacks and thefts in accordance with the law.”

It’s worth noting that the Microsoft Exchange hack is unrelated to the SolarWinds attack that the US government and businesses have been reeling from in recent months, which is suspected to be linked to Russia.

Who was targeted?

As of Saturday, there were an estimated 30,000 affected customers in the United States and 250,000 globally, though those numbers could increase, a US official told CNN.

The hack is mainly a concern for business and government customers that use Microsoft’s Exchange Server product. Microsoft said it has “no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products.”

It has said the cloud-based Exchange Online and Microsoft 365 products were not affected.

The types of victims so far identified by Microsoft and US government agencies include state and local governments, policy think tanks, academic institutions, infectious disease researchers and businesses such as law firms and defense contractors. Cybersecurity firm FireEye also said last week that it had identified multiple specific victims “including US-based retailers, local governments, a university and an engineering firm.”

What is the goal of the hack?

The attack gave hackers access to the email systems of targeted organizations. Once the Hafnium attackers compromise an organization, Microsoft said, they have been known to steal data such as emails and address books, and to gain access to its user account database.

One victim, a person working at a Washington think tank who was contacted by the FBI, said attackers had used the unauthorized access to email that person’s contacts in a way that looked legitimate. Each message included links asking people to click on them, the person told CNN on Friday.

Hackers could also install additional malware to facilitate ongoing, long-term access to victims’ systems, including files, inboxes and credentials stored there.

What is being done about it?

Microsoft last week released emergency security updates for customers using on-premises Exchange Server systems.

“We strongly encourage all Exchange Server customers to apply these updates immediately,” Microsoft said in a statement.

Microsoft released a tool that can help users detect related malicious activity. CISA, the US cybersecurity agency, advised network security officials to look for evidence of intrusions as far back as September 2020, and released an emergency directive on Tuesday requiring federal agencies to either update their servers or to disconnect them.

White House press secretary Jen Psaki and national security adviser Jake Sullivan also urged IT administrators nationwide to install the software fixes immediately.

CISA last week warned that if not addressed, the malicious activity could “enable an attacker to gain control of an entire enterprise network.”

The Biden administration is expected to form a task force involving multiple agencies — including the National Security Council, FBI, CISA and others — to address the hack.

“This has the potential to simultaneously affect organizations that are critical to everyday life in the US,” a source familiar with the US government investigation into the attack told CNN.

™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.
