The Microsoft Exchange Server hack: A timeline

On March 2, 2021, Microsoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server.

Over the next few days, more than 30,000 organisations in the US were attacked as hackers used several Exchange vulnerabilities to gain access to email accounts and install web shell malware, giving the cyber criminals ongoing administrative access to the victims' servers.

On the same day, Microsoft announced that it suspected the attacks were carried out by a previously unidentified Chinese hacking group it dubbed Hafnium. According to the Microsoft Threat Intelligence Center (MSTIC), Hafnium is suspected to be state-sponsored and operating out of China, primarily targeting organisations in the United States across multiple industry segments and operating mainly via leased virtual private servers (VPSs) in the U.S.

Microsoft has released updates addressing Exchange Server versions 2010, 2013, 2016, and 2019. The software vulnerabilities involved include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065; together, these are commonly referred to as ProxyLogon.

According to Gartner analyst Peter Firstbrook, what the hackers are really looking for is a rich attack environment, and on-premises software in organisations that don’t pay much attention to legacy software updates is fertile ground.

“A lot of customers have already moved to online Exchange, at least the more savvy customers have. That leaves behind the late adopters and less mature organisations that just keep carrying on with the old platforms. This is the richest attack environment,” Firstbrook said.

“These people are busy running their businesses and are not paying attention. They have IT ge ..