The US has issued an emergency warning after tech giant Microsoft said that it has caught China hacking into Exchange, its email and calendar server program.
In a blog post, Microsoft said that the perpetrator is a hacking group, and that the company believes the threat actors are working for the Chinese government and spy primarily on American targets.
The software update for Exchange blocks the hackers, prompting the Cybersecurity and Infrastructure Security Agency (CISA) in the US to issue an unusual directive that requires all government networks to install it. As explained by the agency, this rare move was necessary because hackers are able "to gain persistent system access". Government agencies have until Friday noon to download the latest software update.
According to Microsoft Vice President Tom Burt, alleged China-linked hackers have recently spied on a wide range of American targets, including disease researchers, defense contractors and law firms.
Although Burt said that Microsoft hasn't yet seen any evidence that the hackers targeted individual consumers, he stressed that the group has previously targeted infectious disease experts, higher education institutions, defense contractors, law firms, policy think tanks and NGOs.
As reported, the spokesperson from the Chinese Embassy in Washington referred to a recent comment by spokesman Wang Wenbin, who said that China has reiterated on multiple occasions that, given the virtual nature of cyberspace and the fact that there are all kinds of cyber threat actors who are difficult to trace, tracing the source of cybersecurity threats is a complex technical issue.
"We hope that relevant media and company will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations," added Wang.
The warning comes at a time when the US is still recovering from the damage done by suspected Russia-backed threat actors who breached a software management company called SolarWinds. Microsoft said that the new campaign gave the hackers access to the victims' email accounts and calendar invitations, as well as to their entire networks.
The cybercriminals used four distinct "zero-day" exploits, which are rare digital tools that get their name because software developers don't know about them, which leaves the developers no time to prepare fixes.
On Twitter, cybersecurity company ESET said that its researchers had seen several hacker groups exploiting some of the same vulnerabilities in older versions of Exchange.