According to Microsoft, the attack could be linked directly to the Chinese government.
The Exchange mail server is still being patched, and the number of affected users may increase until the vulnerability is completely blocked.
According to Bloomberg, the affected users so far are only medium-sized or small businesses.
It seems that the attacks have been going on since January 2021 but only gained significant strength in the past few days; CNBC describes it as "really noisy and very aggressive".
This attack consists of creating web shells (remote access points) on the server that stole data and distributed malware.
The White House had already reported these activities, which involved big mail server companies including Microsoft. Microsoft said they had been working since last week on patches for the newly discovered vulnerabilities, as they had discovered a hacking group trying to exploit those vulnerabilities. They were able to identify this group, called "Hafnium", as a group tied to the Chinese government.
CISA was already aware of the exploitation of these vulnerabilities, and they had already released a communication through their Twitter account:
CISA is aware of widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities and urges scanning Exchange Server logs with Microsoft's IOC detection tool to help determine compromise. https://t.co/khgCR2LAs0. #Cyber #Cybersecurity #InfoSec
— US-CERT (@USCERT_gov) March 6, 2021
At the moment (March 08 2021) all the traffic for the Microsoft 365 page is being redirected to Microsoft Defender for Office 365.
*Screenshot of the Microsoft Defender for Office 365 website on March 8th 2021