The administration of Biden is highly alarming about a series of recently found cyber intrusions that were associated with China as stated by Microsoft this week. The White House has cautioned that the use of newly disclosed vulnerabilities in Microsoft applications that has affected "a significant number of victims" in the US.
"This is an active threat," White House press secretary Jen Psaki said on Friday. "Everyone running these servers - government, private sector, academia - needs to act now to patch them."
Microsoft said hackers were attacking their targets using its mail server. Tens of thousands of American organizations have indeed been confirmed to be affected. For a long time, the US has suspected the Chinese administration of cyber-espionage.
On Saturday, the U.S. National Security Council stated, "essential that any organization with a vulnerable server take immediate measures".
Later on Friday, the Cybersecurity and Infrastructure Security Agency underlined the danger in an unusually straightforward tweet saying that maltreatment could "enable an attacker to gain control of an entire enterprise network."
White House officials encouraged private sector companies running Microsoft Exchange Server software to install several crucial upgrades, which were reported as an emergency patch. This week Microsoft announced that it was aware of many vulnerabilities that Chinese hijackers have exploited in its server program. The hacker party, which Microsoft calls Hafnium, has gone after, "infectious disease researchers," law firms, higher education institutions, defense contractors, policy think-tanks, and NGOs, Microsoft stated previously. According to Microsoft, the party concerned had not recently been identified by the public.
In the US, over 20,000 organizations, with many more impacted globally, have been hacked, Reuters said. In recent days, an unusually active Chinese cyber spying unit has infiltrated at least 30,000 organizations in the USA — including a large number of small companies, towns, cities, and local governments — aiming at robbing e-mail from victim organizations.
Microsoft did not confirm the figures but said that it was working closely with the US government agencies in a further statement on Friday. They advised clients that "the best protection" was "to apply updates as soon as possible across all impacted systems." However, it said that it had implemented such mitigation strategies to support those who are not able to rapidly update but cautioned that they are not "a remediation if your Exchange servers have already been compromised, nor are they full protection against attack."