US issues warning after Microsoft says China hacked into its mail server program

The United States has issued an emergency warning after Microsoft said it caught China hacking into its email and calendar server program, called Exchange.

The perpetrator, Microsoft said in a blog post, is a “highly trusted” group of hackers who work for the Chinese government and mainly spy on US targets. The latest software update for Exchange blocks the hackers, prompting the US Cybersecurity and Infrastructure Security Agency, or CISA, to issue a rare emergency directive that requires all government networks to install it.

CISA, America’s primary defensive cybersecurity agency, rarely exercises its authority to demand that the entire US government take action to protect its cybersecurity. The move was necessary, the agency said, because Exchange hackers are able to “gain persistent access to the system.” All government agencies have until Friday noon to download the latest software update.

In a separate blog post, Microsoft Vice President Tom Burt wrote that hackers had recently spied on a wide range of US targets, including disease researchers, law firms and defense contractors.

Burt added that the company had seen no evidence that individual consumers were being targeted, but pointed out that the hacker group had previously targeted “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs”.

Contacted by email, a spokesperson for the Chinese Embassy in Washington referred to recent comments by spokesperson Wang Wenbin.

“China has repeatedly said that given the virtual nature of cyberspace and the fact that there are all sorts of hard-to-trace online actors, tracing the source of cyberattacks is a complex technical issue,” said Mr. Wang.

“We hope that the media and companies concerned will adopt a professional and responsible attitude and emphasize the importance of having sufficient evidence when identifying cybersecurity incidents, rather than making baseless accusations.”

There was no immediate indication that the hack had led to significant exploitation of government computer networks. But the announcement marks the second time in recent months that the United States has rushed to respond to a widespread hacking campaign believed to be the work of foreign government spies.

The United States is still investigating the damage after suspected Russian hackers broke into a software management company, SolarWinds, and used the breach to hack into nine federal agencies and about 100 private companies, White House deputy national security adviser Anne Neuberger said in February.

As the developer behind the world’s most popular operating system, Windows, Microsoft is considered by Western cybersecurity experts to have exceptional insight into global hacking campaigns.

The campaign gave hackers access not only to victims’ emails and calendar invites, but also to their entire networks, Microsoft said. The hackers used four separate “zero-day” exploits, which are rare digital tools that get their name because software developers don’t know about them, leaving them with zero days to prepare patches.

ESET, a Slovak cybersecurity company, said on Twitter that its researchers had seen multiple hacker groups, not just the one Microsoft named in its announcement, that were also exploiting some of the same vulnerabilities in older versions of Exchange.