
White House calls Microsoft email breach an 'active threat'


White House press secretary Jen Psaki said Friday that the Biden administration is closely following the breach of a Microsoft email application, reportedly carried out by Chinese hackers, calling it an “active threat” with a “large number of victims.”

“This is a significant vulnerability that could have far-reaching impacts. First and foremost, this is an active threat,” Psaki told reporters during the daily press briefing. 

She pointed to a tweet from national security adviser Jake Sullivan on Thursday night urging network administrators to patch their systems against a previously unknown vulnerability in Microsoft’s Exchange Server email application.


Microsoft said earlier this week that the flaw was being used by a Chinese state-sponsored hacking group to target a variety of organizations.

Cybersecurity group FireEye said in a blog post late Thursday night that hackers had been in at least one client’s system since January, and that they had gone after “US-based retailers, local governments, a university, and an engineering firm,” along with a Southeast Asian government and a Central Asian telecom group.

There are likely other international victims, with the Czech Republic’s National Office for Cyber and Information Security putting out a statement Friday saying it's assisting affected organizations.

While Psaki declined to comment Friday on whether any federal agencies were compromised, she urged network operators to “consider if they have already been compromised” and if so to “take appropriate steps.”

“Everyone running these servers — government, private sector, academia — needs to act now to patch them,” Psaki said. “We are concerned there are a large number of victims and we are working with our partners to understand the scope of this. So it’s an ongoing process.”


“We are still looking closely at what happened and the next steps that need to be taken,” Psaki added.

While there has been no confirmation of any federal agencies compromised, the Cybersecurity and Infrastructure Security Agency (CISA) put out an emergency directive earlier this week ordering all agencies to immediately investigate whether they had been breached, and if so, to either implement a patch or disconnect from Exchange Server.

CISA said the breach “poses an unacceptable risk to Federal Civilian Executive Branch agencies.”

Microsoft alleged earlier this week that the Chinese hacking group known as “Hafnium” was responsible for exploiting the vulnerabilities. Microsoft noted the group had previously attempted to steal information from infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and nongovernmental organizations.

The news comes as the federal government continues with its investigation of the SolarWinds hack. That incident, which U.S. intelligence officials said in January was likely carried out by sophisticated Russian hackers, potentially compromised up to 18,000 customers of IT group SolarWinds.


As of last month, at least nine federal agencies and 100 private sector groups, including both FireEye and Microsoft, were confirmed to have been compromised in the SolarWinds hack, which lasted for a year and was one of the largest cyber espionage events in U.S. history.

The Biden administration is weighing how to respond to the SolarWinds breach, which was one of several issues President Biden discussed during his first conversation in office with Russian President Vladimir Putin.

The Washington Post reported last month that the administration would impose sanctions on Russia for the breach. Psaki said on Feb. 23 that a response from the administration will come in “weeks, not months.”