Microsoft is a constant target of cybercrimina. This time it was Microsoft Exchange Server email software that was the target of the attack. At the time the attack became known, the scope of the attack was apparently limited. However, from then on the use of these tactics increased. As a result, some researchers believe that the attack affected more than 30,000 companies and institutions.
Development of the attack
Earlier this month, Microsoft released a set of patches for the 2013, 2016 and 2019 versions of Exhange Server. Which served to resolve a number of vulnerabilities that allowed remote code execution. But between the announcement of the vulnerabilities and the release of the patches, many organizations did not have time to update the software. As a result, an avalanche of attacks continued in the meantime.
Since March 2, Microsoft reported the attack on its systems. After the breach became known, other cybercriminals replicated the strategy. Specifically, the leak takes advantage of a Microsoft Exchange vulnerability. Or password theft, to appear to be someone who has authorized access to the system. If the attacker manages to log in that way, he can remotely take control of the email account and steal data.
Despite the hype, so far few organizations have admitted to being victims of the attack. However, large and small businesses and governments use Microsoft Exchange extensively. Because of this, victim statements are expected in the near future. Due to the scale of the attack. As a result, the European Banking Authority has already confirmed that its mail servers were compromised by the hack. It is thus clear that the victims are located both in the United States and abroad.
Authors of the attack and protection
Microsoft has pointed to a group known as Hafnium as being responsible for the attack. In collaboration with the Chinese government. But Beijing denied these allegations. Similarly, ESET said it discovered more than a dozen APT groups exploiting Microsoft Exchange vulnerabilities. They also detected more than 5,000 mail servers around the world affected by this incident.
“Best protection is to make updates as soon as possible on all impacted systems”.Microsoft
Consequently, over the weekend, U.S. authorities warned that this situation still represents an “active threat”. Microsoft advises organizations to update all affected systems as soon as possible. In particular, ESET recommends that organizations urgently install Exchange patches. Even for those that are not connected to the Internet.