Officials warn of ‘widespread’ exploit of Microsoft vulnerabilities

The nation’s top cybersecurity official told lawmakers Wednesday that the federal government is seeing “widespread” hacking using recently uncovered vulnerabilities in a Microsoft email application, with researchers saying almost a dozen hacking groups have used the flaw to target a variety of organizations.

Brandon Wales, the acting director of the Cybersecurity and Infrastructure Security Agency (CISA), testified to a House committee that the previously unknown vulnerabilities on Microsoft Exchange Server have been exploited globally and could have long-lasting consequences.

“CISA is already aware of widespread exploitation of the vulnerabilities, and trusted partners have observed malicious actors using these vulnerabilities to gain access to targeted organizations in the United States and globally,” Wales testified to the House Appropriations Homeland Security Subcommittee.

Wales’s comments came the same day cybersecurity group ESET released new research finding that at least 10 hacking groups had been exploiting the Microsoft vulnerabilities.

In addition to Wales’s warnings, the FBI and CISA put out a joint alert on Wednesday outlining the sectors targeted by the hackers, and warning that both federal agencies and private sector groups were at “serious risk” from the Microsoft vulnerabilities.