The U.S. has issued an emergency warning after Microsoft said it caught China hacking into its mail and calendar server program, called Exchange.
The perpetrator, Microsoft said in a blog post, is a hacker group that the company has “high confidence” is working for the Chinese government and spies primarily on American targets. The latest software update for Exchange blocks the hackers, prompting the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, to issue a rare emergency directive that requires all government networks do so.
CISA, the U.S.’s primary defensive cybersecurity agency, rarely exercises its authority to demand that the entire U.S. government take steps to protect its cybersecurity. The move was necessary, the agency said, because the Exchange hackers are able “to gain persistent system access.” All government agencies have until noon Friday to download the latest software update.
In a separate blog post, Microsoft Vice President Tom Burt wrote that the hackers have recently spied on a wide range of American targets, including disease researchers, law firms and defense contractors.
Burt added that the company had seen no evidence that individual consumers were targeted but emphasized that the hacker group has previously targeted “infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.”
Contacted by email, a spokesperson for the Chinese Embassy in Washington referred to recent…