Move Over, SolarWinds: 30,000 organizations’ emails hacked through Microsoft Exchange Server vulnerabilities




Four exploits discovered in Microsoft’s Exchange Server software have reportedly led to more than 30,000 U.S. government and business organizations having their emails hacked, according to a report by KrebsOnSecurity. Wired also reports that “tens of thousands of mail servers” have been hacked. The exploits have been patched by Microsoft, but security experts talking to Krebs say the detection and cleanup process will be a massive effort for the thousands of state and city governments, fire and police departments, school districts, financial institutions and other organizations that have been affected.

According to Microsoft, the vulnerabilities allowed hackers to gain access to email accounts and also gave them the ability to install malware that could let them return to those servers later.

Krebs and Wired report that the attack was carried out by Hafnium, a Chinese hacking group. While Microsoft has not commented on the scale of the attack, it also says the same group exploited the vulnerabilities, saying it has “great confidence” that the group is state-sponsored.

According to KrebsOnSecurity, the attack has continued since January 6 (the day of the riot), but intensified at the end of February. Microsoft released its fixes on March 2, which meant attackers had almost two months to complete their operations. The chairman of cybersecurity firm Volexity, who discovered the attack, told Krebs that “if you’re running Exchange and you haven’t fixed this yet, there’s a very good chance your organization is already compromised.”

White House National Security Advisor Jake Sullivan and former Cybersecurity and Infrastructure Security Agency director Chris Krebs (unrelated to KrebsOnSecurity) tweeted about the seriousness of the incident.

Microsoft has released several security updates to address the vulnerabilities and suggests installing them immediately. Note that if your organization uses Exchange Online, it will not have been affected – the exploit was only present on self-hosted servers running Exchange Server 2013, 2016, or 2019.

While a large-scale attack, possibly carried out by a state organization, may sound familiar, Microsoft is clear that the attacks are “in no way related” to the SolarWinds attacks that compromised US federal government agencies and companies last year.

It is likely that there are still more details to come about this hack – so far there has been no official list of organizations that have been compromised, just a vague picture of the scale and high severity of the attack.

A Microsoft spokesperson said the company is “in close collaboration with the [Cybersecurity and Infrastructure Security Agency], other government agencies and security companies, to ensure that we are providing the best possible advice and mitigation measures to our clients,” and that “[t]he best protection is to apply updates as soon as possible to all affected systems.”


