Over 30,000 US private organizations and government agencies have been compromised in a Microsoft Exchange Server exploitation campaign.
According to recent reports, four vulnerabilities were found in Microsoft Exchange Server that were exploited by bad actors, leading to organizational email being hacked and compromised.
Microsoft has since deployed security measures and patched the vulnerabilities.
Reportedly, thousands of state and city governments, fire and police departments, school districts, financial institutions and other organizations were impacted by the exploitation campaign.
However, because the number of victim organizations is so large, identifying and cleaning up compromised Exchange servers will be a colossal task.
Detailing the exploitation campaign, Microsoft has stated that the vulnerabilities gave the threat actors unauthorized access to victims' email accounts and the ability to install malware that would let them regain access to the server later.
State-sponsored attack on Microsoft Exchange Server:
It is suspected that the campaign was executed by a Chinese hacker group named Hafnium.
Though Microsoft has yet to disclose details of the scale of the exploitation campaign, it also attributes the exploitation of the vulnerabilities to the same Chinese hacker group, which it describes as state-sponsored.
The exploitation campaign against the server has been active since early January and increased in intensity through late February.
The tech giant released the security patches in early March, giving the hackers over 2 months to carry out malicious activity on Microsoft Exchange servers.
Microsoft Exchange Server attack not linked to SolarWinds:
Despite active speculation, the exploitation campaign against Exchange Server is not connected to the infamous SolarWinds cyberattack that swept through many US federal agencies and companies, according to Microsoft.
Microsoft has yet to disclose an established list of directly and indirectly impacted victim organizations and government agencies; only a vague "large scale" figure has been given.
Microsoft has affirmed that it is working in close coordination with cybersecurity and government agencies to provide its impacted customers with appropriate mitigation and guidance.
Concerns over the exploitation campaign:
Security experts have warned that organizations that do not deploy the patches risk being hacked, and have recommended that organizations running Microsoft Exchange Server deploy the patches.
Many high-ranking US government officials and cybersecurity experts have tweeted about the Microsoft Exchange Server attack and remarked on its severity and scope.
Microsoft releasing security updates:
Microsoft has released several security updates to fix the bugs and vulnerabilities and recommends that they be applied immediately.
However, organizations using Exchange Online (the cloud-hosted service) have not been compromised by the exploitation campaign.
The exploit only affected self-hosted servers running Microsoft Exchange Server 2013, 2016, or 2019.
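Because only self-hosted Exchange 2013, 2016 and 2019 servers were in scope, the first step for an administrator is an inventory of which on-premises servers fall into those generations and what build they run. The following PowerShell is an added example and is not code from the article or from Microsoft; it assumes it is run in the Exchange Management Shell, where the `Get-ExchangeServer` cmdlet and its `AdminDisplayVersion` property are available, and it uses the fact that the Major.Minor of that version identifies the product generation (15.0 = 2013, 15.1 = 2016, 15.2 = 2019). The patched build numbers themselves are not given in the article, so the script only reports the build for comparison against Microsoft's published list.

```powershell
# Added example (not from the article): list on-premises Exchange servers and
# flag the product generations the article names as affected.
# Assumes the Exchange Management Shell, which provides Get-ExchangeServer.
# Exchange Online is not enumerated by this cmdlet and is out of scope, matching
# the article's note that only self-hosted servers were affected.

# Major.Minor of AdminDisplayVersion identifies the Exchange generation.
$affectedGenerations = @{
    '15.0' = 'Exchange 2013'
    '15.1' = 'Exchange 2016'
    '15.2' = 'Exchange 2019'
}

$inventory = Get-ExchangeServer | ForEach-Object {
    $v = $_.AdminDisplayVersion
    $generation = '{0}.{1}' -f $v.Major, $v.Minor
    $inScope = $affectedGenerations.ContainsKey($generation)

    [pscustomobject]@{
        Server  = $_.Name
        Role    = $_.ServerRole
        Product = if ($inScope) { $affectedGenerations[$generation] } else { 'Other/unknown' }
        # Full build string; compare against Microsoft's published patched builds
        # (not reproduced here, as the article does not list them).
        Build   = $v.ToString()
        InScope = $inScope
    }
}

# In-scope servers first, so the ones needing patch verification stand out.
$inventory | Sort-Object InScope -Descending | Format-Table -AutoSize
```

Servers reported with `InScope` set to `True` are the ones whose `Build` should be checked against the security-update build numbers Microsoft published for each generation; anything still on a pre-update build should be patched and then reviewed for signs of compromise, since the article notes the campaign ran for over two months before the fixes shipped.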