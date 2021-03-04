



The United States issued an emergency warning after Microsoft said it caught China hacking its mail and calendar server program, called Exchange.

The perpetrator, Microsoft said in a blog post, is a “high trust” hacker group working for the Chinese government and primarily spying on US targets. The latest software update for Exchange blocks the hackers, prompting the Cybersecurity and Infrastructure Security Agency, or CISA, to issue a rare emergency directive that requires all government networks to install it.

CISA, the leading defensive cybersecurity agency in the United States, rarely exercises its authority to demand that the entire US government take action to protect its cybersecurity. The move was necessary, the agency said, because Exchange hackers are able “to gain permanent access to the system.” All government agencies have until noon Friday to download the latest software update.

In another blog post, Microsoft Vice President Tom Burt wrote that hackers had recently spied on a wide range of U.S. targets, including disease researchers, law firms and defense contractors.

Burt added that the company had seen no evidence that individual consumers were being targeted, but noted that the hacker group had previously targeted “infectious disease researchers, law firms, higher education institutions, defense contractors, political think tanks and NGOs.”

Contacted by email, a spokesperson for the Chinese Embassy in Washington referred to recent comments by spokesman Wang Wenbin.

“China has repeatedly reiterated that given the virtual nature of cyberspace and the fact that there are all kinds of actors online that are difficult to trace, pinpointing the source of cyber attacks is a complex technical issue,” Wang said.

“We hope that the media and businesses concerned will adopt a professional and responsible attitude and stress the importance of having sufficient evidence when identifying cybercrime incidents, rather than making baseless accusations.”

There was no immediate indication that the hack had led to significant exploitation of government computer networks. But the announcement marks the second time in recent months that the United States has scrambled to tackle a massive hacking campaign believed to be the work of foreign government spies.

The United States is still assessing the damage after suspected Russian hackers broke into a software management company, SolarWinds, and used the breach to hack nine federal agencies and around 100 private companies, White House Deputy National Security Advisor Anne Neuberger said in February.

As the developer behind the world’s most popular operating system, Windows, Microsoft is considered by Western cybersecurity experts to have exceptional insight into global hacking campaigns.

The campaign allowed hackers to access not only victims’ emails and calendar invitations, but their entire networks, Microsoft said. Hackers used four separate zero-day exploits, rare digital tools that get their name because software developers don’t know about them, leaving the developers zero days to prepare fixes.

ESET, a Slovak cybersecurity company, said on Twitter that its researchers had seen several hacker groups, not just the one Microsoft named in its announcement, also exploiting some of the same vulnerabilities in older versions of Exchange.

