What is the target of the Microsoft Exchange cyber attack affecting millions, and when and how did it start?

Microsoft last week warned its customers about a new, sophisticated nation-state cyber attack that originates in China and mainly targets the tech giant's Exchange Server software. The attack has been carried out on a large scale and has hit organizations such as disease research firms, law firms, higher education institutions, defense contractors, policy firms and NGOs. Microsoft took more than eight weeks to act on the red flag raised by security organizations around the world, and the issue appears to be far more serious than initially reported.

Several reports have shown that the Microsoft Exchange mass cyber attack has already affected thousands of small and medium businesses worldwide and has therefore affected millions of users.

Microsoft’s corporate vice president (customer security, trust) Tom Burt said, “While Hafnium is from China, it primarily operates in the US through leased virtual private servers (VPS).” The company has issued security updates to protect customers running Exchange Server and urges all Exchange Server customers to apply these updates immediately.

What is the Microsoft Exchange mass cyber attack?
On March 2, Microsoft said that flaws had been found in Exchange Server, its mail and calendar software for corporate and government data centers. The company released patches for the 2010, 2013, 2016 and 2019 Exchange versions. Microsoft usually issues patches on the second Tuesday of every month, but news of an attack on Exchange software first surfaced on Tuesday. A Bloomberg report claimed that more than 60,000 organizations have already been affected in the USA alone.

Security blogger Brian Krebs wrote in his blog that Microsoft also took the unusual step of releasing patches for the 2010 version, even though support for it expired in October. This suggests that the flaws have been present in the Microsoft Exchange Server code for more than 10 years. The hackers initially targeted only a few targets in February, and later sought out software with the flaws.

Are people taking advantage of the flaws?
Yes. Microsoft said that the main group exploiting the flaws is a nation-state group based in China, which it calls Hafnium.

When did the attacks start?
According to security company Volexity, attacks on Exchange software started in early January. Microsoft has credited Volexity with identifying some of the issues.

The Microsoft Threat Intelligence Center (MSTIC) has found that Hafnium works in three steps. First, it steals passwords before reaching an Exchange server. Second, it creates a web shell through which the server can be remotely controlled. Third, it uses remote access that runs on a US-based private server.

This is the eighth time in the last 12 months that Microsoft has publicly disclosed nation-state groups targeting institutions important to civil society.

