Last Friday, cybersecurity journalists Brian Krebs and Andy Greenberg reported that up to 30,000 organizations were infiltrated in an unprecedented email server attack believed to originate from a government-backed Chinese hacking group known as Hafnium.
Over the weekend, that estimate doubled to 60,000 Microsoft Exchange Server customers attacked around the world. The European Banking Authority also acknowledged that it was one of the victims of this attack. Apparently, it took Microsoft a little longer to realize the seriousness of the situation and roll out the necessary patch. Krebs drew up a basic timeline of the massive Exchange Server attack, and said Microsoft confirmed it was notified of the vulnerabilities in early January.
So the vulnerabilities were reported about two months before Microsoft released its first patch set, along with a blog post that didn’t reveal the scope or scale of the attack. Initially, it even planned to wait for one of its standard Tuesday patch releases, called Patch Tuesday, but it moved the release up a week.
Now MIT Technology Review reports that Hafnium is not the only threat. It cited a cybersecurity analyst who claims that at least five hacking groups were actively using Exchange Server flaws as of Saturday.
Jen Psaki, the US White House press secretary, called it an “active threat.” That drew more attention to the emergency directive sent by the US Department of Homeland Security’s cybersecurity agency on March 3. White House national security adviser Jake Sullivan, former Cybersecurity and Infrastructure Security Agency director Christopher Krebs, and the White House National Security Council also warned of this.
Currently, anyone with a locally installed Microsoft Exchange Server (2010, 2013, 2016 or 2019) needs to apply the required patches and perform a security scan. However, we are only beginning to understand the extent of the damage. Attackers have also been reported to install malware that allows them to return to these servers, and it is not yet known what they might have obtained. According to Bloomberg, part of an email from a White House official says, “We are taking action as the whole government to assess and address the impact.”
Microsoft declined to comment on the timing of its patches and disclosures. Instead, it reiterated its previous statement: “The best protection for our customers is to apply updates to all affected systems as soon as possible. We continue to assist customers by providing additional review and mitigation guidance. Affected customers should contact our support teams for additional assistance and resources.”