Administration to release attribution for Microsoft vulnerabilities in ‘coming weeks’

The Biden administration is working to formally attribute the exploitation of vulnerabilities in Microsoft’s Exchange Server application, which left thousands of organizations vulnerable to attack, “in the coming weeks,” a top official said Tuesday.

“I think you saw the national security adviser Jake Sullivan say that we will attribute that activity, and along with that of course determine what needs to do as a follow up from that and I think you’ll be seeing further on that in the coming weeks,” Anne Neuberger, the deputy national security advisor for cyber and emerging technology, said during a virtual event hosted by the Silverado Policy Accelerator.

Neuberger’s comments came months after Microsoft announced the discovery of new vulnerabilities in its Exchange Server program, and assessed with “high confidence” that a hacking group known as “HAFNIUM,” a Chinese state-sponsored group, was exploiting these vulnerabilities.

According to Neuberger, around 140,000 organizations were left vulnerable to attack by HAFNIUM or other hacking groups. Tuesday, the official praised Microsoft for quickly releasing a patch that reduced this number to less than 10 vulnerable groups in a week.

Other cyber initiatives move forward: The administration announced in April a 100-day plan to strengthen the cybersecurity of the electricity sector. Neuberger said Tuesday that the effort had been “really successful,” and that electric utility companies representing more than 56 million customers have deployed cybersecurity monitoring technology.