Security News > 2021 > March > US National Security Council urges review of Exchange Servers in wake of Hafnium attack

The Biden administration has urged users of Microsoft's Exchange mail and messaging server to ensure they have not fallen victim to the recently-detected "Hafnium" attack on Exchange Server that Microsoft says originated in China.
Microsoft revealed the attack last week and released Exchange security updates.
The Biden administration's Cybersecurity and Infrastructure Security Agency followed up with a March 5 general advisory encouraging upgrades to on-premises Exchange environments.
On March 7, the US National Security Council tweeted that patching and mitigation was not enough to protect vulnerable systems.
Microsoft has issued additional mitigation advice for those unable to patch Exchange Server.
With 30,000 US-based Exchange users thought to have been targeted by whoever was behind Hafnium, and 250,000 impacted globally, reports are suggesting the Biden administration will create a task force to address the Hafnium attack and its aftermath.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/03/08/us_national_security_council_says/
Related news
- Ex-NSA grandee says Trump's staff cuts will 'devastate' America's national security (source)
- Feds name and charge alleged Silk Typhoon spies behind years of China-on-US attacks (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- US seizes domain of Garantex crypto exchange used by ransomware gangs (source)
- FCC stands up Council on National Security to fight China in ways that CISA used to (source)
- Ex-NSA boss: Election security focus helped dissuade increase in Russian meddling with US (source)
- AI-Powered SaaS Security: Keeping Pace with an Expanding Attack Surface (source)
- US defense contractor cops to sloppy security, settles after infosec lead blows whistle (source)
- Forget Signal. National Security Adviser Waltz now accused of using Gmail for work (source)
- New TCESB Malware Found in Active Attacks Exploiting ESET Security Scanner (source)