Microsoft says China-backed hackers are exploiting Exchange zero-days

ronjor · Mar 2, 2021

Zack Whittaker@zackwhittaker / 2:39 PM CST•March 2, 2021

The technology company said Tuesday that it believes the hacking group, which it calls Hafnium, tries to steal information from a broad range of U.S.-based organizations, including law firms and defense contractors, but also infectious disease researchers and policy think tanks.
Click to expand...

Patches to fix those four security vulnerabilities are now out, a week earlier than the company’s typical patching schedule, usually reserved for the second Tuesday in each month.
Click to expand...

hawki · Mar 5, 2021

Cyber has moved to center of national security strategy.

President’s national security adviser urges Americans to patch a newly discovered vulnerability. IIRC This is a first. Didn’t happen in NotPetya, or more recently in SolarWinds.

"We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP: https://msrc-blog.microsoft.com/2021/03/02/mul"

https://twitter.com/JakeSullivan46/status/1367660450855477256

Trooper · Mar 5, 2021

I patched my server the day the patch was released. Did not see any sign of being compromised after looking at the Exchange logs etc.

ronjor · Mar 5, 2021

At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software

05 March 2021
The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded hundreds of thousands of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.
Click to expand...

https://krebsonsecurity.com/2021/03...acked-via-holes-in-microsofts-email-software/

Krusty · Mar 5, 2021

White House fears significant number of organisations caught in Microsoft hack

The White House fears a significant number of organisations around the world have been compromised through a back door installed via recently patched flaws in Microsoft's email software, and warns it "could have far-reaching impacts".

The hacking has already reached more places than all of the tainted code downloaded from SolarWinds Corp, the company at the heart of another massive hacking spree uncovered in December.

The latest hack has left channels for remote access spread among credit unions, town governments and small businesses, according to records from a US investigation.

Tens of thousands of organisations in Asia and Europe are also affected, the records show.

The hacks are continuing despite emergency patches issued by Microsoft on Tuesday.
Click to expand...

https://www.abc.net.au/news/2021-03...ficant-hack-microsoft-exchange-email/13223508

ronjor · Mar 6, 2021

Microsoft IOC Detection Tool for Exchange Server Vulnerabilities

Original release date: March 06, 2021
Microsoft has released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021.
CISA is aware of widespread domestic and international exploitation of these vulnerabilities and strongly recommends organizations run the Test-ProxyLogon.ps1 script
—as soon as possible—to help determine whether their systems are compromised. For additional information on the script, see Microsoft’s blog HAFNIUM targeting Exchange Servers with 0-day exploits.
Click to expand...

For more information about these vulnerabilities and how to defend against their exploitation, see:
Microsoft Advisory: Multiple Security Updates Released for Exchange Server
Microsoft Blog: HAFNIUM targeting Exchange Servers with 0-day exploitsMicrosoft GitHub Repository: CSS-Exchange
CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities
CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities
Click to expand...

hawki · Mar 6, 2021

"Four new hacking groups have joined an ongoing offensive against Microsoft’s email servers

Chinese hackers targeting Microsoft Exchange servers were joined by a feeding frenzy of other adversaries this week.

A Chinese government-linked hacking campaign revealed by Microsoft this week has ramped up rapidly. At least four other distinct hacking groups are now attacking critical flaws in Microsoft’s email software in a cyber campaign the US government describes as 'widespread domestic and international exploitation' with the potential to impact hundreds of thousands of victims worldwide..."

https://www.technologyreview.com/2021/03/06/1020442/four-new-hacking-groups-microsoft-email-servers/

ronjor · Mar 7, 2021

Thread is closed for comments.

Log in or Sign up

Microsoft says China-backed hackers are exploiting Exchange zero-days

ronjor Global Moderator

hawki Registered Member

Trooper Registered Member

ronjor Global Moderator

Krusty Registered Member

ronjor Global Moderator

hawki Registered Member

ronjor Global Moderator

Log in or Sign up

Microsoft says China-backed hackers are exploiting Exchange zero-days

ronjor Global Moderator

hawki Registered Member

Trooper Registered Member

ronjor Global Moderator

Krusty Registered Member

ronjor Global Moderator

hawki Registered Member

ronjor Global Moderator

Useful Searches