Recently disclosed zero-day vulnerabilities in Microsoft Exchange, Microsoft's widely used business email server, have raised serious concerns among authorities.
In a blog post earlier this week, Microsoft said it had found multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server.
Attackers have leveraged the vulnerabilities to gain access to on-premises Exchange servers, which gave them access to email accounts. They have also used the exploits to install additional malware that gives them persistent access to victims' systems.
The Microsoft Threat Intelligence Center (MSTIC) attributed the sophisticated attack to a “state-sponsored” group operating out of China called Hafnium based on “observed victimology, tactics and procedures.”
According to Microsoft, the attackers exploited the vulnerabilities in “limited and targeted attacks.”
The group primarily targets entities in the United States across “a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs.”
According to a report by KrebsOnSecurity, at least 30,000 organisations across the US, including small businesses, towns, cities and local governments, have been compromised in the attack.
The vulnerabilities were first brought to light by Volexity. Volexity and a second security firm, Dubex, reported different parts of the attack chain and collaborated with Microsoft in the investigation.
In January 2021, Volexity's Network Security Monitoring service detected “anomalous activity” on two of its customers' Microsoft Exchange servers.
Microsoft earlier this week released emergency security patches for these vulnerabilities, along with mitigation guidance and an updated advisory to help organisations reduce the risk. Patching closes the vulnerabilities but does not remove malware that an attacker has already installed, so organisations also need to check their servers for signs of prior compromise.
The attack has raised alarms among authorities, including the White House.
The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on 6 March. CISA also highlighted the updated script released by Microsoft “that scans Exchange log files for…