White House to formally attribute Hafnium Exchange attacks ‘in the coming weeks’
Image: Srikanta H. U
Catalin Cimpanu July 5, 2021

White House to formally attribute Hafnium Exchange attacks ‘in the coming weeks’

White House to formally attribute Hafnium Exchange attacks ‘in the coming weeks’

The White House is preparing to formally attribute the Hafnium attacks on Microsoft Exchange servers in the coming weeks; a top US official said last week.

  • The news comes from Anne Neuberger, Deputy National Security Advisor for Cyber and Emerging Technology in the Biden Administration, who spoke last week at an event organized by the Silverado Policy Accelerator think tank.
  • The Hafnium activity is a series of cyber-attacks against Microsoft Exchange servers that took place in early 2021.
  • The attackers used an Exchange zero-day vulnerability to gain access and plant backdoors on email servers across the world.
  • The attacks came to light in early March when Microsoft disclosed the attacks, released a patch, and formally linked the intrusions to a Chinese state-sponsored espionage group.
  • At the time, due to the size, severity, and espionage impact of the attack, the Biden administration launched an emergency task force to address the Hafnium group’s attacks on Exchange servers.
  • In her interview at the Silverado Policy Accelerator event, Neuberger, who led the task force, praised her team’s work with private industry partners, and especially their work to push Microsoft into releasing a one-click tool to help companies patch Exchange servers.
  • Neuberger said this tool greatly accelerated the patching process and helped bring down the number of vulnerable Exchange systems from 140,000 to less than 10 in a week.

A recording of Neuberger’s interview with Dmitri Alperovitch, Chairman of the Silverado Policy Accelerator, is available here, which includes discussions on several other topics, such as vulnerabilities in the global semiconductor supply chain, the recent wave of ransomware attacks targeting US private companies, and internal dynamics of the Biden’s administration on cybersecurity topics.

Catalin Cimpanu is a cybersecurity reporter for The Record. He previously worked at ZDNet and Bleeping Computer, where he became a well-known name in the industry for his constant scoops on new vulnerabilities, cyberattacks, and law enforcement actions against hackers.