ESET: at least ten, mostly state-backed hacking groups are exploiting Microsoft Exchange vulnerabilities on thousands of servers in over 115 countries (Patrick Howell O’Neill/MIT Technology …)

Days before Microsoft released a fix for a secret attack on its email systems, hackers ramped up their activity. Now experts say swift action is required.

In early March 2021, Microsoft announced that it had discovered a series of zero-day vulnerabilities in its Exchange Server software. The vulnerabilities were quickly exploited by a number of hacking groups, leading to widespread attacks on organizations using the software. Microsoft has since released patches to address the vulnerabilities, but the incident serves as a stark reminder of the ongoing threat posed by cybercriminals.

The initial attack on Microsoft Exchange is believed to have been carried out by Hafnium, a group thought to be state-sponsored and operating from China. The group is believed to have used the vulnerabilities to gain access to email accounts and then to install web shells that let it maintain persistent access to the systems. From there, it could access sensitive data, steal credentials, and carry out further attacks.

However, it quickly became apparent that other hacking groups were also exploiting the vulnerabilities. In the weeks following Microsoft’s announcement, multiple other groups were identified as having targeted Exchange servers. These groups include a range of both state-sponsored and criminal actors.

The scale of the attacks was significant. Microsoft has estimated that tens of thousands of organizations around the world were affected, with the majority of them located in the United States. The targets ranged from small businesses to large government agencies and Fortune 500 companies. The attacks have been described as some of the most significant in recent years.

The aftermath of the attacks has been challenging for affected organizations. The vulnerabilities were present in Exchange Server software going back to 2010, meaning that many organizations were using vulnerable software for years. This has made it difficult to determine the extent of the attacks and to identify what data may have been compromised.

The incident has also highlighted the ongoing challenges of securing software and systems in a constantly evolving threat landscape. The vulnerabilities were unknown to Microsoft prior to their discovery by the hacking groups, which underscores the need for ongoing vigilance and investment in security measures.

In response to the attacks, Microsoft has released patches to address the vulnerabilities and has urged organizations to apply them as soon as possible. It has also published a range of guidance for organizations on how to identify and respond to the attacks.

The incident serves as a reminder of the importance of regular software updates and ongoing security measures. It is also a reminder of the need for organizations to remain vigilant and prepared for the ongoing threat posed by cybercriminals. As the threat landscape continues to evolve, it is likely that we will continue to see incidents like this in the future. The key to staying secure is to remain alert, stay up-to-date with security measures, and be prepared to respond quickly and effectively to any potential threats.
