Here’s what we know so far about the massive Microsoft Exchange hack

Mar 10, 2021, 5:34 AM

KONSKIE, POLAND - JUNE 17, 2018: Signing in for a Microsoft account on a new modern smartphone...

KONSKIE, POLAND - JUNE 17, 2018: Signing in for a Microsoft account on a new modern smartphone

    (CNN) — Many security experts remain alarmed about the large, Chinese-linked hack of Microsoft’s Exchange email service a week after the attack was first reported.

The breach is believed to have targeted hundreds of thousands of Exchange users around the world. Microsoft said four vulnerabilities in its software allowed hackers to access servers for the popular email and calendar service, and the company urged customers to immediately update their on-premises systems with software fixes.

Even the White House quickly got involved, and now multiple US government agencies also are investigating the attack.

Since the hack was reported last Tuesday, “a large number” of additional threat actors “have been rushing to exploit these vulnerabilities” in Exchange servers that have not yet been updated, cybersecurity software firm Symantec said Monday, adding another layer of urgency to the situation and potentially leading to more victims.

“This is the real deal,” Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), tweeted last week, encouraging Exchange server users to quickly respond to the issue.

Here’s what is known about the hack so far:

Who is behind it?

Microsoft attributed the attack to a network of hackers it calls Hafnium, a group the company “assessed to be state sponsored and operating out of China.” The “state-sponsored” actor was identified by the Microsoft Threat Intelligence Center based on observed “tactics and procedures,” according to the company.

Though Hafnium is believed to be based in China, it usually strikes using virtual private servers based in the United States, Microsoft said. The company referred to the group as “a highly skilled and sophisticated actor.”

A spokesperson for China’s Ministry of Foreign Affairs said that the country “firmly opposes and fights all forms of cyber-attacks and thefts in accordance with the law.”

It’s worth noting that the Microsoft Exchange hack is unrelated to the SolarWinds attack that the US government and businesses have been reeling from in recent months, which is suspected to be linked to Russia.

Who was targeted?

As of Saturday, there were an estimated 30,000 affected customers in the United States and 250,000 globally, though those numbers could increase, a US official told CNN.

The hack is mainly a concern for business and government customers that use Microsoft’s Exchange Server product. Microsoft said it has “no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products.”

It has said the cloud-based Exchange Online and Microsoft 365 products were not affected.

The types of victims so far identified by Microsoft and US government agencies include state and local governments, policy think tanks, academic institutions, infectious disease researchers and businesses such as law firms and defense contractors. Cybersecurity firm FireEye also said last week that it had identified multiple specific victims “including US-based retailers, local governments, a university and an engineering firm.”

What is the goal of the hack?

The attack gave hackers access to the email systems of targeted organizations. Once the Hafnium attackers compromise an organization, Microsoft said, they have been known to steal data such as emails and address books, and to gain access to its user account database.

One victim, a person working at a Washington think tank who was contacted by the FBI, said attackers had used the unauthorized access to email that person’s contacts in a way that looked legitimate. Each message included links asking people to click on them, the person told CNN on Friday.

Hackers could also install additional malware to facilitate ongoing, long-term access to victims’ systems, including files, inboxes and credentials stored there.

What is being done about it?

Microsoft last week released emergency security updates for customers using on-premises Exchange Server systems.

“We strongly encourage all Exchange Server customers to apply these updates immediately,” Microsoft said in a statement.

Microsoft released a tool that can help users detect related malicious activity. CISA, the US cybersecurity agency, advised network security officials to look for evidence of intrusions as far back as September 2020, and released an emergency directive on Tuesday requiring federal agencies to either update their servers or to disconnect them.

White House press secretary Jen Psaki and national security adviser Jake Sullivan also urged IT administrators nationwide to install the software fixes immediately.

The CISA last week warned that if not addressed, the malicious activity could “enable an attacker to gain control of an entire enterprise network.”

Biden administration is expected to form a task force involving multiple agencies — including the National Security Council, FBI, CISA and others — to address the hack.

“This has the potential to simultaneously affect organizations that are critical to everyday life in the US,” a source familiar with the US government investigation into the attack told CNN.

™ & © 2021 Cable News Network, Inc., a WarnerMedia Company. All rights reserved.

We want to hear from you.

Have a story idea or tip? Send it to the KSL NewsRadio team here.

All News

Oquirrh Hills Middle School shown, peer tutors there work with students with special needs...

Amanda Dickson

Dickson: The magic of peer tutors in middle school

Peer tutors are students of the same age in the same school who work one-on-one with students with special needs in their school.

47 minutes ago

A screenshot shows where Shepard Lane in in relation to I-15 in Farmington....

Adam Small

Construction underway for UDOT’s I-15 Shepard Lane Interchange project

FARMINGTON– The Utah Department of Transportation is beginning construction on a project that will turn Shepard Lane into a new I-15 interchange. Mitch Shaw, a UDOT spokesperson, told KSL NewsRadio that the project will bring more than just a freeway entrance. New roads will also be connected to Shepard Lane.  “It’s all…our effort to make […]

2 hours ago

FILE: Citizens crowd in classrooms at Mt. Logan Middle School in Logan, Utah a Republican caucus me...

Peter Johnston

It’s Super Tuesday tomorrow. Here’s how to cast your vote for the presidential nominee.

One Utah party will hold a caucus to determine a presidential preference, another will meet, but ultimately decide by mail.

3 hours ago

police cars...

Mariah Maynes

SLCPD identify two killed in workplace shooting

Salt Lake City Police Department said they have identified two men who were killed in a workplace shooting on Sunday. 

4 hours ago

Madison Leonard and Adam Lau are returning to the Utah Opera to play Susanna and Figaro.(Utah Opera...

Mariah Maynes

Utah Opera to present The Marriage of Figaro

Utah Opera announced that it will present The Marriage of Figaro. The opera, composed by Wolfgang Amadeus Mozart, will open at the Janet Quinney Lawson Capitol Theater on Saturday, March 9. 

5 hours ago

Cars drive on I-80 with a snowy mountain backdrop after snowstorms hit the Wasatch Front throughout...

Adam Small

More snow expected along the Wasatch Front Monday

The Wasatch Front will see some snow on Monday which could impact drivers during the evening commute.

6 hours ago

Sponsored Articles

Mother and cute toddler child in a little fancy wooden cottage, reading a book, drinking tea and en...

Visit Bear Lake

How to find the best winter lodging in Bear Lake, Utah

Winter lodging in Bear Lake can be more limited than in the summer, but with some careful planning you can easily book your next winter trip.

Happy family in winter clothing at the ski resort, winter time, watching at mountains in front of t...

Visit Bear Lake

Ski more for less: Affordable ski resorts near Bear Lake, Utah

Plan your perfect ski getaway in Bear Lake this winter, with pristine slopes, affordable tickets, and breathtaking scenery.

front of the Butch Cassidy museum with a man in a cowboy hat standing in the doorway...

Bear Lake Convention and Visitors Bureau

Looking Back: The History of Bear Lake

The history of Bear Lake is full of fascinating stories. At over 250,000 years old, the lake has seen generations of people visit its shores.

silhouette of a family looking over a lake with a bird in the top corner flying...

Bear Lake Convention and Visitors Bureau

8 Fun Activities To Do in Bear Lake Without Getting in the Water

Bear Lake offers plenty of activities for the whole family to enjoy without having to get in the water. Catch 8 of our favorite activities.

Wellsville Mountains in the spring with a pond in the foreground...

Wasatch Property Management

Advantages of Renting Over Owning a Home

Renting allows you to enjoy luxury amenities and low maintenance without the long-term commitment and responsibilities of owning a home.

Clouds over a red rock vista in Hurricane, Utah...

Wasatch Property Management

Why Southern Utah is a Retirement Paradise

Retirement in southern Utah offers plenty of cultural and recreational opportunities. Find out all that this region has to offer.

Here’s what we know so far about the massive Microsoft Exchange hack