- The American National Security Adviser said the U.S. is still working to determine the full scope and scale of the Microsoft Exchange hack.
- Cybersecurity analysts believe Chinese cyber spies are behind the recent attacks on US corporations.
- Microsoft is investigating whether the hack might be linked to information that was leaked by the company or its partners.
Microsoft is investigating whether a world-wide cyber attack on tens of thousands of its corporate customers may be linked to a leak of information by the company or its partners, according to people familiar with the matter.
The investigation centres in part on the question of how a stealthy cyberattack that began in early January picked up steam in the week before the company was able to send a software fix to customers. In that time, a handful of China-linked hacking groups obtained the tools that allowed them to launch wide-ranging cyberattacks that have now infected computers all over the world running Microsoft's Exchange email software.
American National Security Adviser (NSA) Jake Sullivan described the Microsoft Exchange attack, which triggered a global wave of cyber infections beginning 26th February, as "significant" but added that the exact number of victims is still unclear.
Some of the tools used in the second wave of the attack bear a resemblance to the "proof-of-concept" attack code that Microsoft distributed to antivirus companies and other security partners on February 23, investigators at security companies say. Microsoft had planned to release its security fixes two weeks later, on March 9, but after the second wave began it pushed out the patches a week early, on March 2, according to researchers.
"The precise number of systems that have been exposed by this vulnerability and have been exploited either by nation-state threat actors or ransomware hackers or others, that is something that we are urgently working with the private sector to determine," Sullivan said at Friday's White House briefing. "It is certainly the case that the malign actors are still in some of these Microsoft Exchange systems, which is why we have pushed so hard to get those systems patched, to get remediation underway."
The Biden administration is mobilising a "robust whole-of-government response" to the cyberattack, but it is ultimately up to private companies to shore up the security of their systems, Sullivan said.
On Friday, President Joe Biden and Prime Ministers Narendra Modi of India, Scott Morrison of Australia, and Yoshihide Suga of Japan, the leaders of the Indo-Pacific nations known as the "Quad," held a virtual meeting and agreed to establish a working group that will focus on the growing threat of cyberattacks in those countries, Sullivan said.
While cybersecurity analysts believe Chinese cyber spies are behind the recent attacks on US corporations, Sullivan said the U.S. government is not yet ready to publicly cast blame.
The Chinese embassy in Washington has said Beijing "firmly opposes and combats cyber attacks and cyber theft in all forms" and cautioned that attribution of cyberattacks should be based on evidence and not "groundless accusations."
A senior US administration official said the attackers appeared to be sophisticated and capable but said: "they took advantage of weaknesses that were in that software from its creation".