What you need to know
- U.S. government agencies have suffered from vulnerabilities in Microsoft Exchange Server.
- The attackers appear to be state-sponsored Chinese hackers.
- CISA is instructing the use of Microsoft tools to secure infrastructure.
U.S. government agencies with on-site variants of Microsoft Exchange Server have been instructed by the Cybersecurity and Infrastructure Security Agency (CISA) to use Microsoft patches and anti-malware tools to suss out any threats. All affected agencies are instructed to implement security hardening changes by June 28, 2021. The specific changes CISA is demanding can be read here.
This need for heightened security comes as a result of state-sponsored Chinese hackers taking advantage of security flaws to steal Exchange Server data. Microsoft has a blog post detailing some specifics of the hacker organization, which has been dubbed Hafnium. According to the post, though Hafnium is based in China, the group's members lease and use virtual private servers (VPS) in the U.S.
Microsoft has another post detailing specifics of Hafnium's activities, as well as the company's efforts to stop them. That post goes into greater technical detail for anyone curious about the ins and outs of the cyber warfare currently being waged.
CISA is not happy about branches of the U.S. government being vulnerable to Hafnium. In CISA's own words, "... this exploitation of Microsoft Exchange on-premises products poses an unacceptable risk to Federal Civilian Executive Branch agencies." It's no secret that the U.S. government has many enemies and way more threats than just a group of state-sponsored Chinese hackers to worry about, so the severity of potential vulnerabilities cannot be understated.
Microsoft claims that 92% of worldwide Exchange IPs have been patched or mitigated. Time will tell if the vulnerable percentages that remain end up being the only ones that matter.
