Biden admin to form task force to deal with Microsoft hack linked to China
Mar 07, 2021
Washington [US], March 7: A US official said that President Joe Biden's administration is expected to put together a task force to deal with major cyber intrusions that Microsoft said this week were linked to China, as relations between Washington and Beijing continue to spiral downwards.
CNN, citing the US official, reported that there are an estimated 30,000 affected customers in the US and 250,000 globally, though those numbers are expected to increase. However, the White House declined to comment on the number of victims affected.
"We are undertaking a whole of government response to assess and address the impact. The Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to agencies and we're now working with our partners and looking closely at the next steps we need to take. This is an active threat still developing and we urge network operators to take it very seriously," a White House official said.
The US official said that the task force, or "Unified Coordination Group" (UCG), is a multi-agency effort initiated by the National Security Council that includes the FBI, the Cybersecurity and Infrastructure Security Agency (CISA) and others.
The National Security Agency also has a role in the response, though it's not clear if its involvement is codified as part of the UCG directive, according to another source familiar with the situation.
"This has the potential to simultaneously affect organizations that are critical to everyday life in the US," a source familiar with the investigation into the attack told CNN, noting that state and local government agencies were among those affected.
The Hill reported that cybersecurity group FireEye on Thursday night announced it had found evidence that hackers had exploited a flaw in a popular Microsoft email application since as early as January to target groups across a variety of sectors.
FireEye analysts wrote in a blog post that the company had observed the hackers -- who Microsoft announced earlier this week were a Chinese state-sponsored hacking group known as "Hafnium" -- exploiting vulnerabilities in Microsoft's Exchange Server email program to target at least one FireEye client beginning in January.
The news outlet further reported that Microsoft said the Chinese hacking group was actively exploiting previously unknown security flaws in Exchange Server to go after groups running the program.
The company noted that Hafnium had previously been known to steal information from organizations including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and non-governmental organizations.
In February, the National Counterintelligence and Security Center (NCSC) warned that the efforts made by the Chinese Communist Party to obtain US health data, particularly DNA, through hacking had stepped up during the COVID-19 pandemic.
According to The Hill, the agency noted that these efforts had increased during the COVID-19 pandemic, with Chinese biotech group BGI offering COVID-19 testing kits to the majority of countries and establishing 18 testing labs over the past six months alone, allegedly as part of an effort to obtain health data.
The NCSC wrote that US health data was an attractive target for the Chinese government due to the diversity of the population and because of the nation's comparably lax safeguards for personal data.
Under the Trump administration, ties between the two countries had deteriorated over issues such as human rights violations in Xinjiang, encroachment on the special status of Hong Kong, accusations of unfair trade practices by Beijing, lack of transparency concerning the pandemic and China's military aggression in various parts of the world.
Meanwhile, Chinese hackers have also been trying hard to crack Indian cyberspace. There have been more aggressive hacking attempts by Chinese hackers over the past year.
Various government organisations like the Computer Emergency Response Team (CERT-IN) and the National Critical Information Infrastructure Protection Centre (NCIIPC) are following trends and keeping track of attempts made by the Chinese following the Galwan clash.