Huge hack on Microsoft Exchange Server

By Marco Cavicchioli - 15 Mar 2021


According to Trend Micro, as many as 30,000 US organisations may have suffered a hack attack on Microsoft Exchange Server, while globally the number could be much higher. 

In fact, the latest Shodan audit revealed as many as 63,000 such servers potentially exposed to these exploits.

According to Trend Micro, cyber-espionage campaigns have rarely reached a scale similar to the current attack on Microsoft Exchange Server.

Microsoft has already released patches to update and protect the servers, but the servers may in fact have already been attacked. According to the company, four vulnerabilities in particular have been exploited by a hacker group linked to China.

The immediate application of the patches must be considered a top priority for the owners and managers of these servers, and if it is not possible to apply them, all vulnerable servers must be disconnected. At present, anyone with a Microsoft Exchange server should investigate for signs of compromise.

Hack attack on Microsoft Exchange Server

In fact, the first attacks date back as far as January 6th, when a new threat group called “Hafnium” was detected exploiting four zero-day bugs in Microsoft Exchange Server. These bugs can be exploited to execute code, write files, steal data, and perform further malicious actions, such as distributing ransomware.

The scope of this campaign is very large, and many institutions are already on the alert, starting with the White House and the US Cybersecurity and Infrastructure Security Agency (CISA).

To find out if your Microsoft Exchange Server has been affected by this attack, you need to scan your Exchange Server logs with Microsoft’s detection tool, and perform a manual search with software such as Trend Micro Vision One to check for indicators of compromise associated with this attack.

If any compromises are detected, an incident response plan should be activated. 

The Trend Micro team recommends that you do not use any machines until you have scanned for indicators of compromise. 

 

Marco Cavicchioli

Born in 1975, Marco teaches web technologies and is an online writer specializing in cryptocurrencies. He founded ilBitcoin.news, and his YouTube channel has more than 25 thousand subscribers.
