A person familiar with the US government’s response to the wave of piracy said on Friday that more than 20,000 US organizations were hacked through a backdoor installed via a recently patched flaw in Microsoft’s flagship email program.
It is the latest indication of how problems in widely used software are being used as starting points for large-scale digital espionage campaigns.
Microsoft, which had initially said that the spying campaign consisted of “limited and targeted attacks,” did not immediately respond to a letter requesting comment.
The Cybersecurity and Infrastructure Security Agency did not immediately respond to an email.
Earlier Friday, White House Press Secretary Jane Sackey told reporters that vulnerabilities in the widely used Microsoft Exchange servers are “significant” and “could have far-reaching impacts.”
“We are concerned about the large number of victims,” Psaki said.