Microsoft rushes out fixes for four zero‑day flaws in Exchange Server

At least one vulnerability is being exploited by multiple cyberespionage groups to attack targets mainly in the US, per ESET telemetry



Microsoft has rushed out emergency updates to address four zero-day flaws affecting Microsoft Exchange Server versions 2013, 2016, and 2019. Threat actors have been observed exploiting the vulnerabilities in the wild to access on-premises Exchange servers, which allowed them to steal emails, download data, and compromise machines with malware for long-term access to the victim networks. Due to the severity of the threat, the Redmond tech titan is urging users to patch their systems immediately.


Indexed as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, the security loopholes are being exploited by the attackers as part of an attack chain. Microsoft’s decision to issue an out-of-band update instead of releasing the fixes as part of its monthly Patch Tuesday bundle underscores the seriousness of the threat. Microsoft attributed the attack to a relatively little-known Advanced Persistent Threat (APT) group codenamed Hafnium.


According to ESET telemetry, at least one of the vulnerabilities is being targeted by multiple cyberespionage groups, to wit LuckyMouse (also known as Emissary Panda or APT27), as well as Tick and Calypso. The flaw, indexed as