Last week, Microsoft
Last week's announcement revealed that China-based hackers were responsible for breaching Microsoft Exchange Server, which provides email, calendar and task-keeping capabilities. Tens of thousands of organizations were breached initially, but in the week since, that number has doubled due to opportunistic cyberattacks. Microsoft's announcement came before cybersecurity experts had fully plugged the breach and has only complicated matters for Microsoft and the various security firms currently working with affected clients.
According to cybersecurity experts, Hafnium, a Chinese state-backed hacking group, was responsible for the initial hack. Because of Microsoft's announcement, at least five other groups have since entered the fray. Many were discovered because they had given their presence away; according to experts, as hackers noticed security patches were forthcoming, they began to increase their efforts to establish a foothold in affected systems, which would give them a foundation to launch future attacks from.
While the announcement came last week, the breach is actually months old, and Microsoft had known since at least January that there was a breach. The lack of attention and response has allowed the hack to grow to a massive scale, with estimated "casualties" in the range of 30,000-60,000, and possibly more. The full scope of the breach still remains unknown but is estimated to be catastrophic.
Many experts are critical of Microsoft's role in the debacle, especially as Microsoft confirmed that it was aware of the breach in January and didn't issue patches until recently. Microsoft has dodged requests for comment from the press and has said very little on the matter.
The possibility that the hack was state-sponsored puts the United States in an awkward position concerning its relationship with China. While China has denied the attack, evidence of state-sponsored groups' participation is causing many to doubt the authenticity of China's denial.
According to the White House, President Joe Biden is reviewing the situation, but what plan of action the President is pursuing is uncertain at the moment. Like any means of warfare, reprisal through cyberattacks brings the threat of escalation, which may put U.S. firms at even greater risk than they already are. Economic and political sanctions may also feature in any reprisal, as they have been commonly employed against China and Russia for similar actions against the United States in the past.