More than 20,000 American organizations have been compromised through a back door installed via a recently patched flaw in Microsoft Corp’s flagship email software program, a person familiar with the U.S. government’s response to the hacking spree said on Friday.
It is the latest indication of how problems in widely used software can be used as jumping-off points for wide-ranging digital espionage campaigns.
Microsoft, which had initially said the espionage campaign consisted of “limited and targeted attacks,” did not immediately return a message seeking comment.
The Cybersecurity and Infrastructure Security Agency did not immediately respond to an email.
FireEye CEO says SolarWinds hack was found after security staff noticed issue with employee account
Earlier on Friday, White House press secretary Jen Psaki told reporters that the vulnerabilities found in Microsoft’s widely used Exchange servers were “significant,” and “could have far-reaching impacts.”
“We’re concerned that there’re a large number of victims,” Psaki said.
(Reporting by Raphael Satter in Washington Editing by David Gregorio and Matthew Lewis)