The breach is believed to have targeted hundreds of thousands of Exchange users around the world. Microsoft (MSFT) said four vulnerabilities in its software allowed hackers to access servers for the popular email and calendar service, and the company urged customers to immediately update their on-premises systems with software fixes.
Since the hack was reported last Tuesday, “a large number” of additional threat actors “have been rushing to exploit these vulnerabilities” in Exchange servers that have not yet been updated, cybersecurity software firm Symantec said Monday, adding another layer of urgency to the situation and potentially leading to more victims.
“This is the real deal,” Christopher Krebs, former director of the US Cybersecurity and Infrastructure Security Agency (CISA), tweeted last week, encouraging Exchange server users to quickly respond to the issue.
Here’s what is known about the hack so far:
Who is behind it?
Microsoft attributed the attack to a network of hackers it calls Hafnium, a group the company “assessed to be state sponsored and operating out of China.” The “state-sponsored” actor was identified by the Microsoft Threat Intelligence Center based on observed “tactics and procedures,” according to the company.
Though Hafnium is believed to be based in China, it usually strikes using virtual private servers based in the United States, Microsoft said. The company referred to the group as “a highly skilled and sophisticated actor.”
A spokesperson for China’s Ministry of Foreign Affairs said that the country “firmly opposes and fights all forms of cyber-attacks and thefts in accordance with the law.”
It’s worth noting that the Microsoft Exchange hack is unrelated to the SolarWinds attack that the US government and businesses have been reeling from in recent months, which is suspected to be linked to Russia.
Who was targeted?
As of Saturday, there were an estimated 30,000 affected customers in the United States and 250,000 globally, though those numbers could increase, a US official told CNN.
The hack is mainly a concern for business and government customers that use Microsoft’s Exchange Server product. Microsoft said it has “no evidence that Hafnium’s activities targeted individual consumers or that these exploits impact other Microsoft products.”
It has said the cloud-based Exchange Online and Microsoft 365 products were not affected.
The types of victims so far identified by Microsoft and US government agencies include state and local governments, policy think tanks, academic institutions, infectious disease researchers and businesses such as law firms and defense contractors. Cybersecurity firm FireEye also said last week that it had identified multiple specific victims “including US-based retailers, local governments, a university and an engineering firm.”
What is the goal of the hack?
The attack gave hackers access to the email systems of targeted organizations. Once the Hafnium attackers compromise an organization, Microsoft said, they have been known to steal data such as emails and address books, and to gain access to its user account database.
One victim, a person working at a Washington think tank who was contacted by the FBI, said attackers had used the unauthorized access to email that person’s contacts in a way that looked legitimate. Each message included links asking people to click on them, the person told CNN on Friday.
Hackers could also install additional malware to facilitate ongoing, long-term access to victims’ systems, including files, inboxes and credentials stored there.
What is being done about it?
Microsoft last week released emergency security updates for customers using on-premises Exchange Server systems.
“We strongly encourage all Exchange Server customers to apply these updates immediately,” Microsoft said in a statement.
Microsoft released a tool that can help users detect related malicious activity. CISA, the US cybersecurity agency, advised network security officials to look for evidence of intrusions as far back as September 2020, and released an emergency directive on Tuesday requiring federal agencies to either update their servers or to disconnect them.
White House press secretary Jen Psaki and national security adviser Jake Sullivan also urged IT administrators nationwide to install the software fixes immediately.
The CISA last week warned that if not addressed, the malicious activity could “enable an attacker to gain control of an entire enterprise network.”
The Biden administration is expected to form a task force involving multiple agencies — including the National Security Council, FBI, CISA and others — to address the hack.
“This has the potential to simultaneously affect organizations that are critical to everyday life in the US,” a source familiar with the US government investigation into the attack told CNN.