UPDATED 2:00 PM PT – Saturday, March 6, 2021
Microsoft announced 20,000 U.S. organizations have been compromised in a recent hack. On Friday, a U.S. official said Microsoft had discovered a breach in its Exchange Server, which works with Microsoft Outlook to ensure updates on devices are synchronized.
Security experts alleged Chinese hackers are behind the most recent security breach; however, the Chinese government has denied those claims. This came as the hackers reportedly stole information from infectious disease researchers, law firms, defense contractors and institutes of higher education.
Microsoft said it is working with government agencies and security companies to resolve the issue.
Authorities noted the recent hack is completely separate from the SolarWinds hack discovered at the end of last year, which was attributed to Russian hackers.
During a press briefing, White House press secretary Jen Psaki warned the latest breach could have far-reaching impact.
“First and foremost, this is an active threat, and as the National Security Advisor tweeted last night, everyone running these servers, government, private sector, academia, needs to act now to patch them,” Psaki stated. “We are concerned that there are a large number of victims and are working with our partners to understand the scope of this.”
We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP: https://t.co/Q2K4DYWQud
— Jake Sullivan (@JakeSullivan46) March 5, 2021
This came as the Cybersecurity and Infrastructure Security Agency mandated emergency action be taken by those impacted by the breach. The government agency stated customers who believe they were not compromised must still apply “Microsoft patches” as a precaution.
However, the patches do not get rid of possible backdoors in the Exchange software, allowing the attacks to continue.
Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted. https://t.co/HYKF2lA7sn
— National Security Council (@WHNSC) March 6, 2021
Reports have indicated thousands more customers may be affected by the security breach globally.