US National Security Council urges review of Exchange Servers in wake of Hafnium attack
Don't just patch, check for p0wnage, says top natsec team
The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China.
Microsoft revealed the attack last week and released Exchange security updates.
The Biden administration’s Cybersecurity and Infrastructure Security Agency (CISA) followed up with a March 5 general advisory encouraging upgrades to on-premises Exchange environments. Another advisory on 6 March upped the ante as follows:
CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script—as soon as possible—to help determine whether their systems are compromised.
White House National Security advisor Jake Sullivan weighed in too, on his Twitter account:
We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP: https://t.co/Q2K4DYWQud
— Jake Sullivan (@JakeSullivan46) March 5, 2021
The matter even made it to the White House briefing room. In last Friday's White House briefing, press secretary Jen Psaki called the Microsoft breach “a significant vulnerability that could have far reaching impacts” and “an active threat.” She referred to Sullivan’s tweet and urged those running affected servers, specifically in government, the private sector, and academia, to patch them immediately.
“The Cybersecurity and Infrastructure Security Agency issued an emergency directive to agencies and we're now looking closely at the next steps we need to take,” added Psaki, who declined to give further details on how or to what degree the government’s infrastructure was affected.
On March 7, the US National Security Council tweeted that patching and mitigation was not enough to protect vulnerable systems.
Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted. https://t.co/HYKF2lA7sn
— National Security Council (@WHNSC) March 6, 2021
Microsoft, meanwhile, has issued additional mitigation advice for those unable to patch Exchange Server.
With 30,000 US-based Exchange users thought to have been targeted by whoever was behind Hafnium, and 250,000 impacted globally, reports are suggesting the Biden administration will create a task force to address the Hafnium attack and its aftermath.
While China has not directly commented on the claim of its involvement in the attack, in what may be a coincidence the nation has let it be known that it too is the victim of foreign hacking.
The chief software architect of Chinese anti-virus company Antiy Labs, Xiao Xinguang, gave a soft interview over the weekend in which he accused unnamed foreigners of attacking Chinese medical researchers.
Xinguang, who is also a member of the National Committee of the Chinese People's Political Consultative Conference (CPPCC), claimed the goal of hyping cybersecurity is to promote a cold-war mentality. "So-called Chinese hackers' attacks were purely showing 'a thief crying stop thief'," Xinguang said in conversation with the state-controlled Global Times. ®