Alleged Chinese attack on Microsoft Exchange remains an 'active threat,' says US government

Microsoft logo (Image credit: Daniel Rubino / Windows Central)

What you need to know

  • The recent hack of Microsoft's Exchange email server software remains an "active threat."
  • Microsoft rolled out patches for the vulnerabilities, but organizations that were already compromised are still at risk.
  • At least 20,000 organizations have been compromised by the hacks, according to recent reports.

Last week, news emerged that Microsoft's Exchange email server software was hacked. Microsoft blamed a state-sponsored group out of China, but Beijing has denied any involvement. The company released several security updates to address vulnerabilities, but the hacks remain an "active threat," according to the U.S. government.

Reuters reports that while Microsoft released a patch that addresses the vulnerability, any server already compromised by the attack can still be accessed through a "back-door."

The National Security Council sent a Tweet over the weekend regarding the attack that states:

Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted.

A White House official told Reuters that "This is an active threat still developing and we urge network operators to take it very seriously." According to a source who spoke with Reuters, more than 20,000 organizations had been compromised by the hack as of March 7, 2021.

Top U.S. security officials are working to decide the next steps, according to a White House official who spoke with Reuters.

Organizations that have already been compromised could include credit unions, local government offices, and small businesses. Reuters states that the situation has "left U.S. officials scrambling to reach victims, with the FBI on Sunday urging them to contact the law enforcement agency."

A Microsoft representative told Reuters that the company is working with the U.S. government and others to help customers. The company also urged impacted clients to apply the software updates that it has rolled out as soon as possible.

A source told Reuters that only a small percentage of networks have been compromised through the back-door vulnerability, but that more attacks are expected.

Sean Endicott
News Writer and apps editor
