Who could have seen this coming?
Microsoft and cybersecurity experts believe the massive hack against the Microsoft Exchange Server this year was conducted by a Chinese hacker group, but the Biden administration has yet to point the finger.
President Joe Biden signed a cybersecurity executive order earlier this month, naming three recent prominent cyberattacks — SolarWinds, Colonial Pipeline, and Microsoft — with a White House fact sheet saying those “recent cybersecurity incidents … are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.” The United States has said Russian intelligence is behind the SolarWinds hack and that a Russian hacker gang is behind the Colonial Pipeline attack, but it has not publicly attributed the Microsoft hack to anyone.
The tech giant announced in March that it had detected “multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks” in March and said its Threat Intelligence Center attributed the cybercampaign with “high confidence” to a hacker group dubbed “Hafnium,” which “operates primarily from leased virtual private servers in the United States.” Microsoft said the hacker group was “state-sponsored” and operating out of China. Microsoft said the hackers had used vulnerabilities to access email accounts and install additional malware “to facilitate long-term access to victim environments.”
h/t Ed Driscoll