CISA Exec: Civilian Agencies Unscathed in Microsoft Exchange Hack
A top official from the Cybersecurity and Infrastructure Security Agency told lawmakers in a recent House hearing that no federal civilian agencies thus far have been compromised by the vulnerabilities found in Microsoft’s Exchange software.
Eric Goldstein, executive assistant director of CISA’s cybersecurity division, added that the investigations are ongoing, with new updates emerging every hour.
He noted that agencies have responded well to CISA’s emergency directive, mitigating the risks associated with the affected Microsoft Exchange servers across the federal civilian executive branch, Nextgov reported Thursday.
Emergency Directive 21-02 was released by CISA on March 2. It instructed federal civilian agencies to either update or disconnect Microsoft Exchange on-premises products from their networks until they could install patches issued by Microsoft.
The Department of Defense went on to release a cyber tasking order requiring all defense agencies to take all necessary action to protect DOD networks and information technology systems.
According to security company Volexity, attacks on the Exchange software started in early January. The Microsoft Threat Intelligence Center identified a China-based group called Hafnium as one of the culprits behind the exploitation of the Exchange software vulnerabilities.
Lawmakers inquired about CISA’s investigation into the matter as they were preparing to vote on the latest COVID relief bill, which earmarks $2 billion for cybersecurity and technology modernization.
The proposed bill allocates $650 million specifically for CISA, which the agency intends to use to hire more threat hunters and purchase tools for increased visibility and better incident response.