Cybersecurity journalists Brian Krebs and Andy Greenberg reported days ago that up to 30,000 organizations have been compromised in an unprecedented breach of the Microsoft Exchange email server. The hack is believed to come from a Chinese state-sponsored hacking group known as Hafnium.
That estimate has since doubled to 60,000 hacked customers around the world, and the European Banking Authority has acknowledged that it is one of the victims. Microsoft appears to have taken a very long time to recognize how serious and dangerous the problem was and to correct it.
Krebs has put together a key timeline of the massive Exchange Server hack, in which he says, “Microsoft confirmed it was aware of the vulnerabilities in early January.”
That was nearly two months before Microsoft released its first batch of patches, along with a blog post that did not explain the scope or scale of the attack. The company had originally planned to wait for one of its standard Tuesdays to release the patches, but changed course and released them a week ago.
MIT Technology Review reports that Hafnium may not be the only threat, citing a cybersecurity analyst who says there appear to be at least five hacking groups actively exploiting the Exchange Server flaws as of Saturday.
Government officials are reportedly scrambling to respond, with one state official saying: “It’s a very big problem.” The White House press secretary described the problem as an active threat, drawing attention to the guidance sent by the Department of Homeland Security’s cybersecurity agency on March 3.
The White House National Security Adviser has issued a warning as well, as have the former head of the Cybersecurity and Infrastructure Security Agency and the White House National Security Council.
Anyone running a locally installed Microsoft Exchange server needs to install the patch. The hackers are reported to have installed malware that can let them return to the servers later, and it is not yet known what they have taken.
Microsoft declined to comment on the timing of its patches and disclosures, pointing instead to a previous statement: “We work closely with CISA and other government agencies and security companies to ensure we provide the best possible guidance and mitigation to clients.”
The statement added: “The best protection is to install updates as quickly as possible across all affected systems, and we continue to assist customers by providing additional investigation and mitigation guidance, and affected customers should contact support teams for additional assistance and resources.”
This is the real deal. If your organization runs an OWA server exposed to the internet, assume compromise between 02/26-03/03. Check for 8 character aspx files in C:\inetpub\wwwroot\aspnet_client\system_web. If you get a hit on that search, you’re now in incident response mode. https://t.co/865Q8cc1Rm
– Chris Krebs (@C_C_Krebs) March 5, 2021
Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted. https://t.co/HYKF2lA7sn
– National Security Council (@WHNSC) March 6, 2021
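
The file check quoted in the first tweet above, written as a PowerShell triage function. This is an added example, not code from the original article, Microsoft or CISA; the function name `Find-SuspectAspx`, the reading of "8 character" as an eight-character base name, the year 2021 and UTC for the date window, and PowerShell 4.0 or later (for `Get-FileHash`) are assumptions.

```powershell
# Added example: triage for the file check quoted above. Not from the original page.
function Find-SuspectAspx {
    [CmdletBinding()]
    param(
        # Directory named in the quoted advice; override to check other web roots.
        [string]$Root = 'C:\inetpub\wwwroot\aspnet_client\system_web',
        # Window from the quoted advice (02/26-03/03); year 2021 and UTC are assumptions.
        [datetime]$WindowStart = '2021-02-26',
        [datetime]$WindowEnd   = '2021-03-04'   # exclusive, so 03/03 is covered
    )

    if (-not (Test-Path -LiteralPath $Root -PathType Container)) {
        Write-Warning "Directory not found: $Root"
        return
    }

    Get-ChildItem -LiteralPath $Root -Recurse -File -Filter '*.aspx' -ErrorAction SilentlyContinue |
        # Assumption: "8 character" means an eight-character base name before .aspx.
        Where-Object { $_.BaseName -match '^[A-Za-z0-9]{8}$' } |
        ForEach-Object {
            [pscustomobject]@{
                Path        = $_.FullName
                CreatedUtc  = $_.CreationTimeUtc
                ModifiedUtc = $_.LastWriteTimeUtc
                Bytes       = $_.Length
                # Timestamps can be altered, so the window is a hint, not a filter.
                InWindow    = ($_.CreationTimeUtc -ge $WindowStart -and
                               $_.CreationTimeUtc -lt $WindowEnd)
                # Hash recorded so the file can be referenced in the case notes.
                SHA256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

# Every match is reported, inside the window or not.
$hits = @(Find-SuspectAspx)
if ($hits.Count -gt 0) {
    $hits | Sort-Object CreatedUtc | Format-List
    Write-Warning "$($hits.Count) matching file(s): preserve them as evidence and start incident response."
} else {
    Write-Output 'No eight-character .aspx files found under the checked path.'
}
```

An empty result covers only this one directory and this one file-name pattern, so it does not show that a server was never targeted.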