Microsoft Exchange Server hacked
A hack on Microsoft’s Exchange email software has become a pressing global concern over the past few days.
Multiple sources have recently reported that thousands of organizations throughout the United States, including small and large businesses, local governments, and other entities, have been hacked through vulnerabilities discovered in Microsoft Exchange, a Microsoft mail and calendar server.
The malicious actor accused of this massive attack is an active China-based cyberespionage team that aims to steal e-mail from target organizations.
Exchange Online is not affected, according to Microsoft. However, all currently supported on-premises Exchange Server versions are at risk. Users of the following on-premises Exchange Servers should therefore take urgent measures to secure themselves:
- Microsoft Exchange Server 2013
- Microsoft Exchange Server 2016
- Microsoft Exchange Server 2019
- *Servers older than 2013 are also potentially insecure, since they are EOL (End of Life) and no longer supported by Microsoft.
The attack was attributed to a “state-sponsored threat actor” located in China that Microsoft Threat Intelligence Center (MSTIC) has codenamed Hafnium.
Four recently identified vulnerabilities in Microsoft Exchange Server email software have been abused by this hacking group. The attackers have seeded hundreds of thousands of target organizations worldwide with tools that give the perpetrators full remote control of the affected networks.
According to various sources, Hafnium has been attempting to steal information from infectious disease experts, law firms, universities, and defense contractors.
On March 2, Microsoft published urgent security updates to patch four security vulnerabilities in Exchange Server versions dating from 2013 to 2019 that hackers were exploiting to spy on email correspondence from Internet-facing Exchange systems.
In the days after the updates were released, security analysts observed that the Chinese cyber-espionage group Hafnium had significantly stepped up attacks on every unpatched Exchange server worldwide.
In each of the attacks, the attackers planted a “web shell” – a password-protected hacking tool accessible from any browser over the Internet. The web shell provides administrative access to the victim's servers.
Victims of the recent Exchange attack have also been identified outside the United States, with email systems hacked at companies based in Norway and the Czech Republic.
The White House press secretary described the incident as “an active threat” and called for joint efforts from government, the private sector, and academia to act now to patch the vulnerabilities.
The US National Security Council has also commented on the attack, highlighting how important it is for each organization with a vulnerable server to take immediate measures.
News of the breach prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to immediately publish a directive urging institutions and departments to act swiftly.
Microsoft has not confirmed the number of affected victims but said that it was cooperating closely with US government agencies. According to the company’s written statement, the best defense is to upgrade all affected systems as soon as possible.
Microsoft’s spokesperson explained that the company continues to assist its users by providing prevention advice and investigation details regarding the incident. For additional assistance and resources, affected customers should contact the support staff.