President Biden Launches Emergency Task Force To Address Microsoft Cyber-Attack

The cyber-attack granted hackers access to over 30,000 email accounts linked to organizations in the United States.

Embed from Getty Images

The Biden administration has announced the creation of an emergency task force specifically made to address an “unusually aggressive” cyber-attack that took aim at hundreds of thousands of Microsoft customers around the world and within the US. This is now thought to be the second major hacking campaign to hit the US since the election. 

Security researcher Brian Krebs initially reported the hacking last week, in which hackers achieved access to at least 30,000 organizations throughout the US and their email accounts. The FBI has been contacted and is urging all impacted organizations to contact law enforcement as well. According to the agency the back channels in which the hackers gained access can affect credit unions, town governments and small businesses. 

Krebs claimed that cybersecurity experts briefed him on the issue and that the “unusually aggressive attack infiltrated accounts using tools that give the attackers total remote control over affected systems.” This past weekend the Cybersecurity and Infrastructure Security Agency (CISA) sent out a general statement urging any organizations using Microsoft Exchange to scan their devices for any potential vulnerabilities. Jen Psaki, the White House press secretary, recently delivered a press briefing on the task force.

“The breach represents a significant vulnerability that could have far-reaching impacts. We are concerned that there are a large number of victims and are working to understand the scope of this.”

“The latest hack comes on the heels of SolarWinds, a separate series of sophisticated attacks attributed to Russia that breached about 100 US companies and nine federal agencies,” according to Microsoft, who claims that they have seen “no evidence that the actor behind SolarWinds discovered or exploited any vulnerability in Microsoft products and services.” 

Researchers claim that this recent attack began in late 2020 as a controlled attack on a few large targets throughout the nation. In early 2021, they realized the attack was much larger than they initially anticipated. In fact, it’s expected that additional cyberattacks will be occurring from other hackers not even related to this incident. This is due to the fact that the code these hackers used to hack into certain mail services are currently being spread online still. 

The Biden administration has announced the launching of a multi-agency effort, which includes the FBI, CISA, and other government bodies, to help determine who’s been hacked, what’s been done so far, and how quickly we can end and prevent future events from occurring. A Microsoft spokesman recently released a statement regarding the collaborative effort of CISA and themselves and what they’re doing to help combat this hacking. 

Embed from Getty Images

“We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”

Embed from Getty Images

Microsoft announced that they issued what’s known as patches to combat the attacks this week. Patches don’t undo damage that’s already been done, however, “Patching the Exchange servers will prevent an attack if these organization’s Exchange server has not already been compromised. But it will not undo the foothold attackers have on an already compromised Exchange server,” according to Oliver Tavakoli, the chief technology officer at Vectra, a security firm based in California. 

The European Banking Authority, responsible for regulating all banking in the European Union, confirmed this week that they have been affected by the hacking as well. A representative for the Authority claimed that the “cyber attack had only struck our email servers and no data has been obtained.” 

A Microsoft spokesman released a statement regarding their work with CISA and other government agencies: “The best protection is to apply updates as soon as possible across all impacted systems. We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”

SolarWinds is expected to attend a congressional hearing this month with Microsoft’s president, Brad Smith, and other tech executives regarding another historically large cyberattack. Smith claims that “hacks like these are difficult to address as many organizations do not publicly announce breaches until long after they’re discovered.” The investigation will be ongoing and the court proceedings will likely be at the end of the month.