Recently discovered zero-day vulnerabilities in Microsoft Exchange Server, Microsoft's widely used business email software, have raised serious concerns among authorities.

Microsoft, in a blog post earlier this week, said it had found multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server.

Attackers have used the vulnerabilities to gain access to on-premises Exchange servers, and through them to email accounts. They have also used the exploits to install additional malware, such as web shells, that gives them continued access to victims’ systems.

The Microsoft Threat Intelligence Center (MSTIC) attributed the sophisticated attack to a “state-sponsored” group operating out of China, called Hafnium, based on “observed victimology, tactics and procedures.”

According to Microsoft, hackers have leveraged the vulnerabilities in “limited and targeted attacks.”

The group primarily targets entities in the United States across “a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks, and NGOs.”

Vulnerabilities

According to a report by KrebsOnSecurity, at least 30,000 organisations across the US, including small businesses, towns, cities and local governments, have been affected by the attack.

The vulnerabilities were first brought to light by Volexity. Volexity and another firm, Dubex, each reported different parts of the attack chain and collaborated with Microsoft on the investigation.

In January 2021, Volexity had detected “anomalous activity” on two of its customers’ Microsoft Exchange servers through its Network Security Monitoring service.

Microsoft earlier this week released emergency security patches for these vulnerabilities. It has also provided additional measures along with an updated advisory to help organisations mitigate the risk.

The attack has raised alarms among authorities, including the White House.

The US Cybersecurity and Infrastructure Security Agency (CISA) had issued an alert on 6 March. CISA had further highlighted the updated script released by Microsoft “that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities disclosed on March 2, 2021.”

It “strongly recommended” that organisations run the script to determine whether their systems had been compromised.
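The check CISA points to can be reproduced in miniature. The block below is an added example, not Microsoft's script and not code from the page: it scans Exchange HttpProxy log text for the HttpProxy indicator from Microsoft's 2 March 2021 guidance (an unauthenticated request whose AnchorMailbox field matches the wildcard pattern ServerInfo~*/*) in the way an incident responder would over log files copied off a server. The sample log lines are constructed, with the column layout reduced to the fields the check uses; the function names are this example's own.

```python
import csv
from fnmatch import fnmatchcase
from pathlib import Path

# Indicator from Microsoft's 2 March 2021 guidance for the HttpProxy logs: an
# unauthenticated request whose AnchorMailbox value matches this wildcard pattern.
SERVERINFO_PATTERN = "ServerInfo~*/*"

# Constructed sample of HttpProxy log text (NOT a real log). Real files carry a
# similar '#' preamble but many more columns; only the fields the check uses are kept.
SAMPLE_HTTPPROXY_LOG = """#Software: Microsoft Exchange Server
#Version: 15.0.0.0
#Log-type: HttpProxy Logs
#Date: 2021-03-03T00:00:00.000Z
#Fields: DateTime,RequestId,ClientIpAddress,AuthenticatedUser,UrlStem,AnchorMailbox
DateTime,RequestId,ClientIpAddress,AuthenticatedUser,UrlStem,AnchorMailbox
2021-03-03T01:02:03.456Z,r1,10.0.0.5,CONTOSO\\alice,/owa/,SMTP:alice@contoso.test
2021-03-03T01:05:09.000Z,r2,198.51.100.7,,/owa/auth/x.js,ServerInfo~x/autodiscover/autodiscover.xml
2021-03-03T01:06:10.000Z,r3,10.0.0.6,CONTOSO\\bob,/ecp/,SMTP:bob@contoso.test
"""


def parse_httpproxy_log(text):
    """Parse HttpProxy-style log text into a list of row dicts.

    Lines starting with '#' are preamble and skipped, except that the field
    list on the '#Fields:' line is remembered in case the plain CSV header
    line that normally follows it is missing (e.g. a truncated copy).
    """
    fieldnames = None
    data_lines = []
    for ln in text.splitlines():
        if not ln:
            continue
        if ln.startswith("#"):
            if ln.startswith("#Fields:"):
                fieldnames = [f.strip() for f in ln[len("#Fields:"):].split(",")]
            continue
        data_lines.append(ln)
    if fieldnames and data_lines and data_lines[0].split(",")[0] != fieldnames[0]:
        return list(csv.DictReader(data_lines, fieldnames=fieldnames))
    return list(csv.DictReader(data_lines))


def find_serverinfo_hits(rows, pattern=SERVERINFO_PATTERN):
    """Return the rows where AuthenticatedUser is empty and AnchorMailbox matches
    the pattern; matching is case-insensitive, like PowerShell's -like operator."""
    hits = []
    for row in rows:
        authed = (row.get("AuthenticatedUser") or "").strip()
        anchor = row.get("AnchorMailbox") or ""
        if authed == "" and fnmatchcase(anchor.lower(), pattern.lower()):
            hits.append({
                "DateTime": row.get("DateTime", ""),
                "ClientIpAddress": row.get("ClientIpAddress", ""),
                "AnchorMailbox": anchor,
            })
    return hits


def scan_log_directory(root):
    """Walk a directory of copied HttpProxy *.log files and collect hits from each."""
    hits = []
    for path in Path(root).rglob("*.log"):
        with open(path, encoding="utf-8", errors="replace") as fh:
            hits.extend(find_serverinfo_hits(parse_httpproxy_log(fh.read())))
    return hits


if __name__ == "__main__":
    # Scan the constructed sample; the unauthenticated ServerInfo~ request is flagged.
    for hit in find_serverinfo_hits(parse_httpproxy_log(SAMPLE_HTTPPROXY_LOG)):
        print(f"{hit['DateTime']} {hit['ClientIpAddress']} {hit['AnchorMailbox']}")
```

A hit is a reason to treat the server as compromised and start a full investigation, not a finding to patch over. No hit is weaker evidence than it looks: HttpProxy logs roll over, an attacker may have cleared them, and Microsoft's script also checks further log sources that this block does not cover.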

According to reports, the US Department of Defense is also assessing its systems on the basis of Microsoft’s advisory, though the specific targets remain unknown.

The Indian Computer Emergency Response Team (CERT-In) has also issued an alert for the vulnerabilities, urging organisations to update their systems and mitigate the risks as required.

“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defence industrial base entities. We encourage network owners to patch ASAP,” White House National Security Advisor Jake Sullivan wrote on Twitter.

The attack comes shortly after a suspected Russian campaign against US federal agencies that leveraged widely used software from SolarWinds LLC.
