White House on hack of Microsoft Corp Outlook: 'It's still an active threat'

White House on Sunday urged computer network operators to elevate the steps to determine whether they were targetted amid a hack of Microsoft Corp Outlook email program and said that a recent software patch still left some vulnerabilities. White House press secretary Jen Psaki on Friday said that “this is an active threat” and added, “Everyone running these servers - government, private sector, academia - needs to act now to patch them.” Microsoft had previously said that the hackers had used its mail server to attack their targets. 

For a long, the United States has long accused the Chinese government of cyber-espionage even though Beijing has repeatedly denied any involvement. Psaki had told the reporters that the White House was “concerned that there are a large number of victims" and said the vulnerabilities found in Microsoft's servers "could have far-reaching impacts". Further, on Saturday, the United States National Security Council said it was "essential that any organisation with a vulnerable server take immediate measures" to determine if they had been targeted.

Read - Microsoft After India: China Bats Away Another Cyber-attack Claim With No Specific Counter

Read - What Is Microsoft Rewards? How To Make Microsoft Rewards Account? Know Details

Microsoft Says Chinese Hackers Remotely Plundering Email Inboxes

Microsoft on March 2 said that a Chinese cyber-espionage group has been remotely plundering email inboxes using freshly discovered flaws in its mail server software. In a blog post, the tech giant said that the hackers belonged to a state-backed group, which was a “highly skilled and sophisticated actor”. The company also added that the hacking campaign made use of four previously undetected vulnerabilities in different versions of the software. 

According to the blog post, the security flaws allowed the hackers to remotely plunder email inboxes. Microsoft’s Theft Intelligence Centre attributed that attacks with “high confidence” to Hafnium, which is a group assessed to be state-sponsored and operating out of China. The company said that Hafnium targets infectious disease researchers, law firms, higher education institutions and defence contractors. It also added that policy think tanks and non-governmental groups have also been targeted. 

Microsoft said that although Hafnium is based in China, it, however, conducts its operations primarily from leased virtual private servers in the US. It added that the company has observed Hafnium interacting with users of its office 365 suite. Further, the company has also released software updates aimed at addressing the vulnerabilities in its software.

Read - Microsoft Ignite Cloud Skills Challenge 2021 Starts Today: Know Registration Details

Read - Microsoft Says Chinese Hackers Remotely Plundering Email Inboxes

Image credits: Representative/Unsplash