North Dakota suspects Chinese hackers had control of public email servers during cyberattack
A group of Chinese "threat actors" known as Hafnium had access to data in email servers belonging to cities, counties and school districts, but the department is still investigating whether the hackers took the data or caused any harm, according to a state official.
BISMARCK — The North Dakota Department of Information Technology believes Chinese hackers had access to data in public email servers belonging to cities, counties and school districts in the state.
A group of government-sponsored Chinese "threat actors" known as Hafnium had control of the local entities' Microsoft Exchange email servers, but the department is still investigating whether the hackers took data or caused any harm, Chief Information Security Officer Kevin Ford said through department spokeswoman Kelly Ivahnenko.
"The fact of the matter is that we don’t know what (Hafnium) did once they had the (hacking tools) on the servers," Ivahnenko said in a text message. "They may have just installed them and never touched them. They may have done something different on each computer they touched. What they did when they had control is still under investigation."
Microsoft announced earlier this week it had discovered flaws in its Exchange Server software that Beijing-backed Hafnium hackers had exploited to gain access to email accounts. The full extent of the cyberattack is unknown, but it's thought to affect email servers nationwide.
Ivahnenko declined to say which or how many North Dakota cities, counties and school districts were compromised during the cyberattack, citing the ongoing investigation, but she said the department is confident the state's email servers weren't hacked.
The Grand Forks Herald reported Friday, March 5, that Grand Forks County shut down its email servers as a precautionary measure, but accounts vary on whether hackers breached the system.
Fargo Chief Information Officer Ron Gronneberg said he didn't know of any hacks to the city's email server, and Cass County Administrator Robert Wilson said the county's system was "in good shape" and hadn't been affected by the attacks.
Bismarck Mayor Steve Bakken said the capital city's servers were not breached, but he was aware of the situation. Burleigh County Commission Chairwoman Kathleen Jones did not respond to a request for comment.
Ivahnenko said the state IT department's security team "hasn't slept in several days" as it investigates the extent of the attack and tries to shore up potentially vulnerable servers.
Along with the local entities that had their systems compromised, the department has asked a number of other entities to update and upgrade their Exchange Servers to prevent any breaches. Email service may be temporarily shut down while the changes are made, according to a statement from the department.
The department credits newly rolled-out anti-malware software with allowing officials to "take almost immediate steps" to counter the cyberthreats. The department has offered the software to cities, counties and school districts for free over the last few months.
Republican Gov. Doug Burgum, a former Microsoft executive, has emphasized cybersecurity and technological advancement during his four years in office.