US National Security Council urges review of Exchange Servers in wake of Hafnium attack

Don't just patch, check for p0wnage, says top natsec team

The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China.

Microsoft revealed the attack last week and released Exchange security updates.

The Biden administration’s Cybersecurity and Infrastructure Security Agency (CISA) followed up with a March 5 general advisory encouraging upgrades to on-premises Exchange environments. Another advisory on March 6 upped the ante as follows:

CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script—as soon as possible—to help determine whether their systems are compromised.

White House National Security advisor Jake Sullivan weighed in too, on his Twitter account:

The matter even made it to the White House briefing room. In last Friday's White House briefing, White House press secretary Jen Psaki called the Microsoft breach “a significant vulnerability that could have far reaching impacts” and “an active threat.” She referred to Sullivan’s tweet and urged those running affected servers, specifically in government, the private sector, and academia, to patch them immediately.

“The Cybersecurity and Infrastructure Security Agency issued an emergency directive to agencies and we're now looking closely at the next steps we need to take,” added Psaki, who declined to give further details on how or to what degree the government’s infrastructure was affected.

On March 7, the US National Security Council tweeted that patching and mitigation were not enough to protect vulnerable systems.

Microsoft, meanwhile, has issued additional mitigation advice for those unable to patch Exchange Server.

With 30,000 US-based Exchange users thought to have been targeted by whoever was behind Hafnium, and 250,000 impacted globally, reports are suggesting the Biden administration will create a task force to address the Hafnium attack and its aftermath.



While China has not directly commented on the claim of its involvement in the attack, in a perhaps-coincidence the nation has let it be known that it too is the victim of foreign hacking.

The chief software architect of Chinese anti-virus company Antiy Labs, Xiao Xinguang, gave a soft interview over the weekend in which he accused un-named foreigners of attacking Chinese medical researchers.

Xinguang, who is also a member of the National Committee of the Chinese People's Political Consultative Conference (CPPCC), claimed the goal of hyping cybersecurity is to promote a cold-war mentality. "So-called Chinese hackers' attacks were purely showing 'a thief crying stop thief'," Xinguang said in conversation with state-controlled Global Times. ®
