Microsoft last week warned its customers about a new, sophisticated nation-state cyberattack originating in China and primarily targeting the company's Exchange Server software. The attack has been carried out on a very large scale: organizations such as disease research firms, law firms, higher education institutions, defense contractors, policy firms and NGOs have been hit. Microsoft took more than eight weeks to act on red flags raised by security organizations around the world, which appears to have turned the issue into something far more serious than was initially reported.
Several reports have revealed that the Microsoft Exchange mass cyber attack has already affected thousands of small and medium businesses across the globe, and hence, millions of users across the globe.
“While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the US,” said Tom Burt, Microsoft's corporate vice president for Customer Security and Trust. To protect customers running Exchange Server, the company has issued security updates and urges all Exchange Server customers to apply them promptly.
What is the Microsoft Exchange mass cyber attack?
On March 2, Microsoft said that flaws had been found in the Exchange Server mail and calendar software used in corporate and government data centers. The company released patches for the 2010, 2013, 2016 and 2019 Exchange versions. Microsoft usually releases patches on the second Tuesday of every month, but news of the attack on Exchange software first surfaced on a Tuesday outside that cycle. A Bloomberg report claims that more than 60,000 organizations have already been affected in the USA alone.
Security blogger Brian Krebs wrote that Microsoft also took the unusual step of releasing a patch for the 2010 version, even though support for it ended in October. This shows that the flaw in the Exchange Server code has existed for more than 10 years. Hackers initially targeted only a few organizations in February; the flawed software was spotted more widely later.
Are people taking advantage of the loopholes?
Yes, Microsoft said that the main group exploiting the flaw is a nation-state group based in China it calls Hafnium.
When did the attacks start?
According to security company Volexity, attacks on Exchange software began in early January. Microsoft has credited Volexity with identifying some of the issues.
The Microsoft Threat Intelligence Center (MSTIC) has found that Hafnium works in three steps. First, it steals passwords to gain access to an Exchange server. Second, it creates a web shell through which the server can be controlled remotely. Third, it uses that remote access from US-based leased private servers.
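As an added example, not code from the article or from Microsoft, the Python script below shows two checks a defender might run for the chain described above: diffing the server-side script files in a web-served directory against a known-good baseline to catch a dropped or altered web shell, and then tracing requests to any flagged file through IIS W3C logs to see which client addresses used it. The web root `C:\WEBROOT`, the file names and contents, the log lines and the addresses are all constructed for the example.

```python
"""Added example (not from the article): baseline diff of script files in a
web root, plus a lookup of requests to flagged files in IIS W3C logs.
All paths, contents, log lines and addresses are constructed."""
import hashlib
from typing import Dict, Iterable, List, Tuple

# Server-side script extensions that IIS would execute if dropped into a web root.
SCRIPT_EXTENSIONS = {".aspx", ".asp", ".ashx", ".asmx"}

WEB_ROOT = r"C:\WEBROOT"  # constructed placeholder for the web-served directory

# Constructed known-good snapshot (e.g. taken right after a clean install or patch).
BASELINE_FILES: Dict[str, bytes] = {
    r"C:\WEBROOT\app\logon.aspx": b'<%@ Page Language="C#" %> legitimate logon page',
    r"C:\WEBROOT\app\errorFE.aspx": b'<%@ Page Language="C#" %> legitimate error page',
    r"C:\WEBROOT\app\logo.png": b"\x89PNG constructed image bytes",
}

# Constructed current state: one script altered, one unexpected script added.
CURRENT_FILES: Dict[str, bytes] = {
    r"C:\WEBROOT\app\logon.aspx": BASELINE_FILES[r"C:\WEBROOT\app\logon.aspx"],
    r"C:\WEBROOT\app\errorFE.aspx": b'<%@ Page Language="C#" %> altered page',
    r"C:\WEBROOT\app\logo.png": BASELINE_FILES[r"C:\WEBROOT\app\logo.png"],
    r"C:\WEBROOT\app\dropped.aspx": b'<%@ Page Language="C#" %> unexpected file',
}

# Constructed IIS W3C log excerpt; 203.0.113.9 is a documentation address.
SAMPLE_LOG = """#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port c-ip sc-status
2021-03-01 08:12:01 10.0.0.5 GET /app/logon.aspx - 443 10.0.0.20 200
2021-03-01 08:13:44 10.0.0.5 POST /app/dropped.aspx - 443 203.0.113.9 200
2021-03-01 08:14:02 10.0.0.5 POST /app/dropped.aspx - 443 203.0.113.9 200
2021-03-01 08:15:10 10.0.0.5 GET /app/logo.png - 443 10.0.0.21 200
"""


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def build_baseline(files: Dict[str, bytes]) -> Dict[str, str]:
    """Map each path to the SHA-256 of its known-good content."""
    return {path: sha256_hex(content) for path, content in files.items()}


def is_script(path: str) -> bool:
    dot = path.rfind(".")
    return dot != -1 and path[dot:].lower() in SCRIPT_EXTENSIONS


def find_unexpected_scripts(current: Dict[str, bytes],
                            baseline: Dict[str, str]) -> List[Tuple[str, str]]:
    """Return (path, reason) for script files that are new or altered versus the baseline."""
    findings = []
    for path, content in sorted(current.items()):
        if not is_script(path):
            continue  # static assets are not executed by the server
        expected = baseline.get(path)
        if expected is None:
            findings.append((path, "script file not present in baseline"))
        elif expected != sha256_hex(content):
            findings.append((path, "script file content differs from baseline"))
    return findings


def parse_iis_w3c(lines: Iterable[str]) -> List[Dict[str, str]]:
    """Parse IIS W3C extended log lines, naming columns from the #Fields: header."""
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
            continue
        if line.startswith("#"):
            continue  # other directives such as #Software or #Date
        values = line.split()
        if fields and len(values) == len(fields):
            rows.append(dict(zip(fields, values)))
    return rows


def requests_to_flagged(rows: List[Dict[str, str]], flagged_paths: Iterable[str],
                        web_root: str) -> Dict[str, List[str]]:
    """Map each flagged file's URL stem to the client addresses that requested it."""
    stems = {p[len(web_root):].replace("\\", "/").lower(): p
             for p in flagged_paths if p.startswith(web_root)}
    hits: Dict[str, List[str]] = {}
    for row in rows:
        stem = row.get("cs-uri-stem", "").lower()
        if stem in stems:
            hits.setdefault(stem, []).append(row.get("c-ip", "?"))
    return hits


def run_checks() -> Tuple[List[Tuple[str, str]], Dict[str, List[str]]]:
    baseline = build_baseline(BASELINE_FILES)
    findings = find_unexpected_scripts(CURRENT_FILES, baseline)
    rows = parse_iis_w3c(SAMPLE_LOG.splitlines())
    hits = requests_to_flagged(rows, [p for p, _ in findings], WEB_ROOT)
    return findings, hits


if __name__ == "__main__":
    found, used = run_checks()
    for path, reason in found:
        print(f"{reason}: {path}")
    for stem, ips in used.items():
        print(f"{stem} requested by {sorted(set(ips))}")
```

On a real server the baseline would come from a trusted snapshot of the web directories and the log rows from the IIS log files; the point of the second check is that a flagged file which also appears in request logs, especially from addresses that are not your own users, is the one to investigate first.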
This is the eighth time in the last 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions important to civil society.