The Latest Microsoft Hack Looks Like It Could Be Huge | WHAT REALLY HAPPENED

The Latest Microsoft Hack Looks Like It Could Be Huge

Microsoft announced this week that another one of its email products, Exchange, had been compromised by a hacking campaign. This recent hack is actually totally unrelated to the “SolarWinds” one, in which Microsoft has also played an outsized role.

A state-sponsored threat actor from China dubbed “HAFNIUM” is said to be exploiting a number of zero-day flaws in on-premises Microsoft Exchange servers all over the globe in an apparent effort to steal data. Exchange essentially works with mail clients like Microsoft Office, ensuring that updates to devices are synchronized. It’s a very widely used product, to say the least. While Microsoft has sought to play down the potential scope of this hack (calling it “limited and targeted” in nature), it is beginning to look like that assessment is actually really, really wrong.

Among the numerous parties to disagree with the “limited and targeted” assessment is the White House, which said Friday that they were “concerned” about the extent of the attack. During a press conference, Biden administration spokesperson Jen Psaki said:

Everyone running these servers — government, private sector, academia — needs to act now to patch them. We are concerned that there are a large number of victims and are working with our partners to understand the scope of this...Network owners also need to consider whether they have already been compromised and should immediately take appropriate steps. The Cybersecurity and Infrastructure Security Agency issued an emergency directive to agencies, and we’re now looking closely at the next steps we need to take. It’s still developing. We urge network operators to take it very seriously...