WASHINGTON — The White House on Friday called it an "active threat" that China-based government hackers exploited a bug in Microsoft's email server software to target U.S. organizations.
Microsoft said Tuesday that a “highly skilled and sophisticated” state-sponsored group operating from China has been trying to steal information from a number of American targets, including universities, defense contractors, law firms and infectious-disease researchers.
Microsoft released security upgrades to fix the previously unknown vulnerabilities to its Exchange Server software, which is used for work email and calendar services, mostly for larger organizations that have their own in-person email servers.
White House Press Secretary Jen Psaki was asked Friday about a statement by national security adviser Jake Sullivan that the administration is closely tracking Microsoft's emergency patch.
"This is a significant vulnerability that could have far-reaching impacts. First and foremost, this is an active threat. And as the national security adviser tweeted last night, everyone running these servers, government, private sector, academia, needs to act now to patch them," Psaki said.
Psaki was also asked if any government agencies were affected by the hack.
"The Cybersecurity and Infrastructure Security Agency issued an emergency directive to agencies, and we're now looking closely at the next steps we need to take. It's still developing. We urge network operators to take it very seriously," Psaki said.
The company said the hacking group it calls Hafnium was able to trick Exchange servers into allowing it to gain access. The hackers then masqueraded as someone who should have access and created a way to control the server remotely so that they could steal data from an organization's network.
Microsoft said the group is based in China but operates from leased virtual private servers in the U.S., helping it avoid detection. The company declined Tuesday to name any specific targets or say how many organizations were affected.