IE 11 is not supported. For an optimal experience visit our site on another browser.

U.S. issues warning after Microsoft says China hacked its mail server program

All federal government agencies have until noon Friday to download the latest software update to block the perpetrator.
Image: Microsoft campus
A building on the Microsoft headquarters campus in Redmond, Wash., in 2014.Stephen Brashear / Getty Images file

The U.S. has issued an emergency warning after Microsoft said it caught China hacking into its mail and calendar server program, called Exchange.

The perpetrator, Microsoft said in a blog post, is a hacker group that the company has "high confidence" is working for the Chinese government and spies primarily on American targets. The latest software update for Exchange blocks the hackers, prompting the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, to issue a rare emergency directive that requires all government networks do so.

CISA, the U.S.'s primary defensive cybersecurity agency, rarely exercises its authority to demand that the entire U.S. government take steps to protect its cybersecurity. The move was necessary, the agency said, because the Exchange hackers are able "to gain persistent system access." All government agencies have until noon Friday to download the latest software update.

In a separate blog post, Microsoft Vice President Tom Burt wrote that the hackers have recently spied on a wide range of American targets, including disease researchers, law firms and defense contractors.

Burt added that the company had seen no evidence that individual consumers were targeted but emphasized that the hacker group has previously targeted "infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs."

Contacted by email, a spokesperson for the Chinese Embassy in Washington referred to recent comments by spokesperson Wang Wenbin.

"China has reiterated on multiple occasions that given the virtual nature of cyberspace and the fact that there are all kinds of online actors who are difficult to trace, tracing the source of cyber attacks is a complex technical issue," Wang said.

"We hope that relevant media and company will adopt a professional and responsible attitude and underscore the importance to have enough evidence when identifying cyber-related incidents, rather than make groundless accusations."

There was no immediate indication that the hack had led to significant exploitation of government computer networks. But the announcement marks the second time in recent months that the U.S. has scrambled to address a widespread hacking campaign believed to be the work of foreign government spies.

The U.S. is still sussing out the damage after hackers suspected of being Russian broke into a software management company, SolarWinds, and used the breach to hack nine federal agencies and about 100 private companies, White House deputy national security adviser Anne Neuberger said in February.

Download the NBC News app for breaking news and politics

As the developer behind the most popular operating system in the world, Windows, Microsoft is regarded by Western cybersecurity experts as having exceptional insight into global hacking campaigns.

The campaign gave the hackers access not only to the victims' emails and calendar invitations but also to their entire networks, Microsoft said. The hackers used four distinct "zero-day" exploits, which are rare digital tools that get their name because software developers are unaware of them, giving them no days to prepare fixes.

ESET, a Slovakian cybersecurity company, said on Twitter that its researchers had seen multiple hacker groups, not just the one Microsoft named in its announcement, that were also exploiting some of the same vulnerabilities in older versions of Exchange.