The Biden administration is launching an emergency task force to deal with an aggressive cyber attack that has affected thousands of Microsoft customers around the world, the second largest hacking campaign to hit the U.S. since the election.
The attack, first reported on March 5 by security researcher Brian Krebs, allowed hackers to access the email accounts of at least 30,000 organizations in the US.
These back channels for remote access can affect credit unions, city governments and small businesses, and U.S. officials rushed to reach the victims, with the FBI on Sunday urging them to contact law enforcement.
The “unusually aggressive” attack infiltrates using tools that give attackers “full, remote control” of the affected systems, cybersecurity experts briefed on the subject told Krebs.
On Saturday, the Cybersecurity and Infrastructure Security Agency (CISA) encouraged all organizations using Microsoft Exchange to scan devices for vulnerabilities. White House Press Secretary Jen Psaki said in a press briefing Friday that the breach “represents significant vulnerabilities that have far-reaching implications.”
“First and foremost, this is an active threat,” she said. “We are concerned that there are a large number of victims and are working with our partners to understand the scope of this.”
The latest hack comes on the heels of SolarWinds, a separate series of sophisticated attacks attributed to Russia, involving about 100 U.S. companies and nine federal agencies.
Microsoft said it saw no evidence that the actor behind SolarWinds had discovered or exploited any vulnerabilities in Microsoft products and services.
Researchers say the latest hack began as a controlled attack on some large targets beginning in late 2020 and was found in early January evolving into a more comprehensive campaign. Additional attacks are expected from other hackers who use the code to take control of mail servers.
The Biden administration has launched a multi-agency effort by the National Security Council, including the FBI, CISA and others, to determine who has been hacked, what has been done and how to quickly patch vulnerabilities, a U.S. official said.
Microsoft issued patches for the attack on Tuesday, but fixing the issue would be more complicated because the patches would not undo the damage already done, said Oliver Tavakoli, chief technology officer of California-based security firm Vectra.
“Patching their Exchange servers will prevent an attack if their Exchange servers have not already been compromised,” Tavakoli said. “But it will not undo the attackers on the already compromised Exchange server.”
The European Banking Authority, the European Union’s banking regulator that collects and stores sensitive data about banks and their lending, confirmed on Monday that it had been affected. It said it believes the cyber attack only hit its email servers and no data was obtained. Psaki declined to answer at this week’s press conference whether any major U.S. government institutions were affected by the breach, and other targets have not yet been named.
A source familiar with the matter told Reuters that a Chinese government-backed actor had been blamed for the attack. Microsoft has also blamed China for the attack. A Chinese government spokesman said the country was not behind the infiltration, according to Reuters.
A spokesman for Microsoft said in a statement that the company was working with CISA, other government agencies and security companies to respond to the hack.
“The best effect is to apply updates to all affected systems as soon as possible. We continue to help customers by providing additional investigation and prevention guidance,” he said. “Affected customers should contact our support teams for additional assistance and resources.”
The most recent Microsoft hack, which a former national security official called “fairly huge” in an interview with Wired, could be bigger than the historically large SolarWinds attack, which prompted a congressional hearing this month.
At that hearing, tech executives, including Brad Smith, president of Microsoft.
Tavakoli, meanwhile, said it was difficult for U.S. agencies to handle the hack so close to the recent SolarWinds attack.
“This hack will compete for a similar investigation and remedy tool, so having two such widespread attacks at the same time puts a huge strain on resources,” he said.
Reuters contributed to this report