Biden administration launching task force to investigate whether China orchestrated Microsoft Exchange hack

President Joe Biden. Jim Lo Scalzo/Reuters
  • On Tuesday, Microsoft said its Exchange product had been hacked by a state-backed Chinese entity.
  • At least 30,000 businesses and government bodies were affected by the hack, which began in January.
  • The Biden administration is setting up a task force to probe the attack, CNN reported.

President Joe Biden’s administration is launching a task force to investigate the recent hack of a popular Microsoft product, allegedly backed by Beijing, CNN reported.

On Tuesday, Microsoft said that its Exchange email server had been hacked by the “Hafnium” group with the support of the Chinese state. The breach began in early January and was discovered by the cyber security firm Volexity.

Wang Wenbin, a Chinese Foreign Ministry spokesman, said Wednesday there was insufficient evidence to prove Chinese state involvement.

At least 30,000 organizations, including government agencies and businesses, were affected by the hack, according to cybersecurity reporter Brian Krebs.

A former US national security official told WIRED the hack was “absolutely massive,” adding that “we’re talking thousands of servers compromised per hour, globally.”

The Microsoft logo. Sam Yeh/Getty Images

A US official told CNN that, as a result of the hack, a new multi-agency “Unified Coordination Group” task force will include FBI and Cybersecurity and Infrastructure Security Agency (CISA) agents.

“We’re now working with our partners and looking closely at the next steps we need to take. This is an active threat still developing and we urge network operators to take it very seriously,” the official said, per CNN.

Microsoft said Hafnium was a “highly skilled and sophisticated actor” and, in a statement, laid out how the attack unfolded.

“First, it would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the US-based private servers – to steal data from an organization’s network,” Microsoft said.

The company has since released a security update that rectified issues across versions of Exchange from 2013 to 2019 and recommended that users install updates immediately.

On Friday, Jen Psaki, the White House press secretary, told reporters that the Exchange servers had “significant” weaknesses.

The White House still regards the situation as an “active threat,” CNN said.

Jeff Jones, a senior director at Microsoft, told The New York Times: “We are working closely with the CISA, other government agencies, and security companies to ensure we are providing the best possible guidance and mitigation for our customers.”