The United States has warned that Microsoft's Exchange email service, used by businesses, has been the target of a hack, and warns that there is an "active threat", with reportedly tens of thousands of US organisations at risk. A number of exploits have been identified in Microsoft Exchange Servers.
Microsoft has blamed the attack on China, claiming it was a "state-sponsored threat actor" called Hafnium. Microsoft executive Tom Burt gave details of the breach in a blog post. The Chinese government has come out and refuted the claims, saying that China is not behind the attack.
Since then, the US National Security Council has warned that it is "essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted". Organisations have been warned that patching the flaws is "not remediation", as servers have already been compromised and, therefore, data has most likely already been exposed.
Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted. https://t.co/HYKF2lA7sn
— National Security Council (@WHNSC) March 6, 2021
Microsoft has given examples of the types of organisations impacted, which includes businesses involved in law, infectious disease researchers, educational institutions, and defence contractors. Whilst reports are focusing on US organisations, there is also concern that many more could be affected worldwide.
White House National Security Advisor, Jake Sullivan, has urged all organisations using Microsoft Exchange Servers to download the patches, whilst the department has ordered an emergency directive to take action.
We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP: https://t.co/Q2K4DYWQud
— Jake Sullivan (@JakeSullivan46) March 5, 2021
For Microsoft's part, the company has released patches which are available to download, and is also deploying mitigation measures, including a tool that will help organisations determine if they are impacted.
Microsoft has said that this attack is not related to the SolarWinds attack. Microsoft and US agencies are continuing to work together to establish the impact of the attack.