{"id":41860,"date":"2021-03-08T10:32:06","date_gmt":"2021-03-08T10:32:06","guid":{"rendered":"http:\/\/icloud.pe\/blog\/?guid=e97d6c9c08fdb2350187835f8a0cf96b"},"modified":"2021-03-08T10:32:06","modified_gmt":"2021-03-08T10:32:06","slug":"hundreds-of-thousands-of-victims-in-microsoft-exchange-server-attacks","status":"publish","type":"post","link":"https:\/\/icloud.pe\/blog\/hundreds-of-thousands-of-victims-in-microsoft-exchange-server-attacks\/","title":{"rendered":"\u2018Hundreds of thousands\u2019 of victims in Microsoft Exchange Server attacks"},"content":{"rendered":"<p><span class=\"field field-name-field-author field-type-node-reference field-label-hidden\"><br \/>\n      <span class=\"field-item even\"><a href=\"https:\/\/www.cloudpro.co.uk\/authors\/keumars-afifi-sabet-0\">Keumars Afifi-Sabet<\/a><\/span><br \/>\n  <\/span><\/p>\n<div class=\"field field-name-field-published-date field-type-datetime field-label-hidden\">\n<div class=\"field-items\">\n<div class=\"field-item even\"><span class=\"date-display-single\">8 Mar, 2021<\/span><\/div>\n<\/p><\/div>\n<\/div>\n<p class=\"short-teaser\">\n<a href=\"https:\/\/www.cloudpro.co.uk\/\" title=\"\" class=\"combined-link\"><\/a><\/p>\n<div class=\"field field-name-body\">\n<p>There are potentially\u00a0hundreds of thousands\u00a0of victims from cyber attacks exploiting newly-discovered Microsoft Exchange Server vulnerabilities, with the White House urging businesses to\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/27713\/the-importance-and-benefits-of-effective-patch-management\" >patch their systems immediately<\/a>.<\/p>\n<p>US-based victims exceed 30,000 including small businesses, towns and cities as well as local government organisations,\u00a0<a href=\"https:\/\/krebsonsecurity.com\/2021\/03\/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software\/\" >according to security researcher Brian Krebs<\/a>, with Chinese hackers determined to steal their email 
communications.<\/p>\n<p>\nThis figure, however, only represents a portion of \u201chundreds of thousands\u201d of servers that state-backed Chinese hackers have seized, based on information provided to Krebs by two security experts. Each targeted server, deployed to process email communications, represents roughly one organisation here.\u00a0<\/p>\n<p>\u201cThis is an active threat,\u201d White House press secretary Jen Psaki said at a press briefing,\u00a0<a href=\"https:\/\/www.bbc.co.uk\/news\/world-us-canada-56304379\" >as reported by\u00a0<em>BBC News<\/em><\/a>. \u201cEveryone running these servers &#8211; government, private sector, academia &#8211; needs to act now to patch them.&#8221;\u00a0<\/p>\n<p>She added that the White House was concerned \u201cthere are a large number of victims\u201d and that these vulnerabilities discovered last week could have \u201cfar-reaching impacts\u201d.<\/p>\n<p>Microsoft\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/vulnerability\/358774\/weekly-threat-roundup-microsoft-exchange-chrome-spectre\" >patched four actively exploited flaws<\/a>\u00a0in several versions of its Microsoft Exchange Server service last week, which attackers were taking advantage of to steal emails from web-facing systems running the software.\u00a0<\/p>\n<p>In these attacks, the perpetrators left behind a password-protected web shell that could be accessed from anywhere, giving them administrative access to victims\u2019 servers.<\/p>\n<p>The company also warned businesses that this charge was being led by\u00a0<a href=\"https:\/\/www.itpro.co.uk\/security\/zero-day-exploit\/358760\/microsoft-exchange-zero-day-hack\" >state-backed hackers<\/a>,\u00a0specifically the Hafnium group, although it refrained from disclosing how many victims there were at the time.<\/p>\n<p>The US Cybersecurity and Infrastructure Security Agency (CISA) then\u00a0<a 
href=\"https:\/\/www.itpro.co.uk\/security\/358780\/cisa-orders-agencies-to-fix-microsoft-vulnerabilities-abused-by-chinese-hackers\">ordered US federal agencies to immediately patch their Exchange Server installations<\/a>, or disconnect the programme until it can be reconfigured, for fear of falling victim to hacking attempts.<\/p>\n<p>\u201cPatching and mitigation is not remediation if the servers have already been compromised,\u201d the White House\u2019s National Security Council also tweeted. \u201cIt is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted.\u201d<\/p>\n<p>Vice president of Volexity, Steven Adair, who first reported the Exchange flaws to Microsoft, also told\u00a0<em>KrebsonSecurity\u00a0<\/em>that the hacking group first exploited these bugs on 6 January, but shifted into a much higher gear over the last few days.<\/p>\n<p>\u201cEven if you patched the same day Microsoft published its patches, there\u2019s still a high chance there is a web shell on your server,\u201d he said. 
\u201cThe truth is, if you\u2019re running Exchange and you haven\u2019t patched this yet, there\u2019s a very high chance that your organization is already compromised.\u201d <\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>      Keumars Afifi-Sabet<\/p>\n<p>        8 Mar, 2021    <\/p>\n<p>      There are potentially\u00a0hundreds of thousands\u00a0of victims from cyber attacks exploiting newly-discovered Microsoft Exchange Server vulnerabilities, with the White House urging businesses to\u00a0p&#8230;<\/p>\n","protected":false},"author":433,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[],"tags":[],"class_list":["post-41860","post","type-post","status-publish","format-standard","hentry"],"_links":{"self":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41860","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/users\/433"}],"replies":[{"embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/comments?post=41860"}],"version-history":[{"count":1,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41860\/revisions"}],"predecessor-version":[{"id":41861,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/posts\/41860\/revisions\/41861"}],"wp:attachment":[{"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/media?parent=41860"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/categories?post=41860"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/icloud.pe\/blog\/wp-json\/wp\/v2\/tags?post=41860"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}