Cybersecurity

Hafnium hack poses new long-term threat for already overtaxed cyber workers

malware detection (Alexander Yakimov/Shutterstock.com) 

Federal agencies still reeling from the effects of a massive hack involving SolarWinds may face a new challenge of evicting any adversaries that breached their networks through recently discovered vulnerabilities in Microsoft's Exchange software.

"Patching and mitigation is not remediation if the servers have already been compromised," the National Security Council said in a tweet on Friday. "It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted."

President Joe Biden's National Security Advisor Jake Sullivan also took to Twitter to urge U.S. think tanks and defense industrial base contractors "to patch ASAP."

The rare, public warning from the White House urging public and private entities to update their systems followed the Cybersecurity and Infrastructure Security Agency issuing an emergency directive last week, citing an "unacceptable risk" posed by zero-day exploits discovered in Exchange. Microsoft in a recent blog post said it has observed a China-based group, dubbed "Hafnium," using those vulnerabilities to target U.S. organizations.

CISA's directive instructed all civilian federal agencies to immediately disconnect or update Exchange products running on-premise. It also ordered agency CIOs to conduct digital forensics to find indicators of compromise and report back to CISA by noon on March 5.

A spokesman told FCW today that CISA has received reports from a "majority" of civilian agencies. "Currently, agencies continue to patch affected servers and investigate for indications of compromise," he continued.

A spokesman for the Pentagon told FCW, the Defense Department "is aware of the Microsoft Threat Intelligence Center's report and is currently assessing our networks for any evidence of impact. We are taking all necessary steps to identify and remedy any possible issues related to this situation."

Independent security researcher and journalist Brian Krebs reported in his blog on Friday that up to 30,000 organizations may have been affected by the vulnerabilities.

Chris Krebs, the former CISA director, predicted on Twitter that the hack will "disproportionately impact those that can least afford it," and noted that the vulnerability is "trivial to exploit," meaning that anyone aware of the flaw with a bare minimum of technical ability can implant malware on unpatched systems.

About the Author

Justin Katz is a former staff writer at FCW.


Featured

  • IT Modernization
    shutterstock image By enzozo; photo ID: 319763930

    OMB provides key guidance for TMF proposals amid surge in submissions

    Deputy Federal CIO Maria Roat details what makes for a winning Technology Modernization Fund proposal as agencies continue to submit major IT projects for potential funding.

  • gears and money (zaozaa19/Shutterstock.com)

    Worries from a Democrat about the Biden administration and federal procurement

    Steve Kelman is concerned that the push for more spending with small disadvantaged businesses will detract from the goal of getting the best deal for agencies and taxpayers.

Stay Connected