White House refuses to confirm China behind Microsoft Exchange hack
UPDATED 1:20 PM PT – Saturday, March 13, 2021
White House officials dodged questions from the press corps about the recent Microsoft Exchange hack. Before his face-to-face upcoming meeting with Chinese officials, White House National Security Advisor Jake Sullivan faced off with the press corps.
Reporters wasted no time Thursday trying to pin down the administration’s position on the latest China-linked scandal.
In early March, Microsoft alerted users that their email server, Exchange, had been compromised, which allowed the hackers to install malware to “facilitate long-term access” to a number of systems. In an effort to stop the attacks, the Microsoft Threat Intelligence Center analyzed the group’s victimology, tactics and procedures.
With a high degree of confidence, Microsoft attributed the attacks to a group they’ve named Hafnium, a so-called “state-sponsored threat actor” operating out of China. However, despite the manufacturer of the very system that was targeted confirming they knew who their attacker was, Sullivan claimed the White House wasn’t so sure.
“I’m not in a position standing here today to provide attribution, but I do pledge to you that we will be in a position to attribute that attack at some point in the near future,” Sullivan noted. “And we won’t hide the ball on that. We will come forward and say who we believe perpetrated the attack.”
Just days after the initial announcement, Microsoft even reported the attacks were ongoing. Sullivan misunderstood.
“It is still ongoing in the sense that we are still gathering information,” he claimed. We are still trying to determine the scope and scale. It is significant.”
Indeed, current estimates show that more than 60,000 organizations were compromised. Additionally, security teams worked in conjunction with Microsoft to reveal that the number of hacking attempts tripled every two to three hours.
A senior administration official told CNN that the “window for updating exposed servers” was “measured in hours, not days.”
Despite the urgency, Sullivan claimed at the end of the day, it’s every server for itself.
“Ultimately, a lot of this comes down to the private sector taking the steps that they need to take to remediate,” Sullivan said.