
Microsoft Exchange Hack: A Summary

This article is not intended to provide extensive coverage of the story, just a brief overview. Please see the official information from Microsoft and US government agencies for the full details.

What

Firstly, it should be made clear that we are referring to the software that Microsoft distributes for organisations, rather than the cloud service.

In an official post, Microsoft announced that four vulnerabilities (three scoring 7.8 and the other 9.1) were found in the software, “which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments.” They quickly released a patch and are urging everyone to apply it.

Who

Microsoft say that an organisation known as Hafnium appears to be responsible for the attack. They say Hafnium are based in China, and sponsored by the Chinese government. However, a spokesperson for China’s Ministry of Foreign Affairs denied this, according to CNN.

The Response

Organisations should:

  • Follow Microsoft’s guidance to look for traces of the attack
  • Apply the patches as soon as possible

This should be considered a matter of urgency: CISA, part of the Department of Homeland Security, issued an Emergency Directive on the matter.

The White House, under the Biden Administration, is set to launch a special Task Force in response to the incident. White House Press Secretary Jen Psaki has warned that this is an ‘active threat’ and that everyone must ‘act now’. It is considered unusual for the White House to be so publicly vocal about a cyber incident, which really highlights the gravity of the situation.

It should be noted that this incident is not believed to be related to SolarWinds.
