Best of 2021 – Global Hack: Zero-Day Exploits of Microsoft Exchange Server


As we close 2021, at Security Boulevard we wanted to highlight the most popular items of the year. Here is the next in our series of the best of 2021.

Hundreds of thousands of organizations around the world have been newly hacked via vulnerabilities in Microsoft’s email software, per a Krebs on Security article posted on March 5, 2021.

“At least 30,000 organizations across the United States – including a significant number of small businesses, towns, cities and local governments – have been hacked in recent days by an unusually aggressive Chinese cyber-espionage unit that focuses on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The spy group is exploiting four newly discovered flaws in Microsoft Exchange Server mail software and has seeded hundreds of victim organizations around the world with a set of tools that give attackers full and remote control over affected systems.”

“This is the real deal,” tweeted Christopher Krebs, the former director of the Cybersecurity and Infrastructure Security Agency (CISA). “If your organization manages an [Outlook Web Access] OWA server exposed to the Internet, assume a compromise between 02/26 and 03/03.”

Current situation – What we know

According to a Microsoft blog post dated 3/2/21 and updated 3/4/21 and 3/5/21:

“Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers, which enabled access to email accounts and allowed the installation of additional malware to facilitate long-term access to victim environments. The Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

“The recently exploited vulnerabilities were CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, all of which have been fixed in the (Read more…)
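The quotes above tell an administrator to assume compromise and list the CVEs, but not how to look for exploitation. The following is an added example, not code from Security Boulevard, Krebs or Microsoft: it triages Exchange HttpProxy logs for the indicator Microsoft published for CVE-2021-26855 (an unauthenticated request, i.e. empty AuthenticatedUser, whose AnchorMailbox has the form ServerInfo~<host>/<path>) and annotates each hit with whether it falls in the 02/26–03/03 window Krebs named. On a live server you would run Microsoft's PowerShell one-liner directly; this Python version is for offline triage of collected log files. The log sample is constructed and uses a subset of the real HttpProxy column names in an assumed order; because the parser keys on the #Fields: header, real files with their full column set parse unchanged.

```python
"""Triage Exchange HttpProxy logs for the CVE-2021-26855 (HAFNIUM SSRF) pattern.

Added example; not code from the original page, Krebs or Microsoft. The
detection rule mirrors Microsoft's published HttpProxy check for
CVE-2021-26855. The sample log below is constructed: hosts, IPs and paths
are illustrative, and the column order is an assumption (subset of the
real HttpProxy fields).
"""
import csv
from datetime import datetime
from typing import Dict, List

# Constructed sample in the HttpProxy log layout: '#' metadata lines, a
# '#Fields:' line naming the columns, then one CSV row per request.
SAMPLE_LOG = """#Software: Microsoft Exchange Server
#Version: 15.1.0.0
#Log-type: HttpProxy Logs
#Date: 2021-03-01T00:00:00.000Z
#Fields: DateTime,ClientIpAddress,UrlStem,AuthenticatedUser,AnchorMailbox,UserAgent
2021-02-28T10:15:02.123Z,10.0.0.25,/owa/,CORP\\alice,alice@corp.example,Mozilla/5.0
2021-02-28T10:16:40.991Z,198.51.100.7,/ecp/y.js,,ServerInfo~exch01.corp.example/ecp/about.aspx,python-requests/2.25.1
2021-03-01T08:02:11.004Z,10.0.0.31,/EWS/Exchange.asmx,CORP\\bob,ServerInfo~exch01.corp.example/EWS/Exchange.asmx,ExchangeServicesClient/15.0
2021-03-02T23:59:59.000Z,203.0.113.9,/owa/auth/x.js,,ServerInfo~exch01.corp.example/owa/auth/logon.aspx,curl/7.64.1
2021-03-05T12:00:00.000Z,10.0.0.44,/autodiscover/,,autodiscover@corp.example,Outlook/16.0
"""

# Window from the Krebs tweet quoted above (02/26 through 03/03 inclusive).
EXPOSURE_START = datetime(2021, 2, 26)
EXPOSURE_END = datetime(2021, 3, 4)  # exclusive upper bound


def parse_httpproxy_log(text: str) -> List[Dict[str, str]]:
    """Parse HttpProxy log text into row dicts keyed by the #Fields: header.

    Metadata lines start with '#'; the column list comes from '#Fields:'.
    Short rows are padded so a truncated line never shifts later columns.
    """
    fields: List[str] = []
    rows: List[Dict[str, str]] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#Fields:"):
            fields = [f.strip() for f in line[len("#Fields:"):].split(",")]
            continue
        if line.startswith("#"):
            continue  # other metadata (Software, Version, Date, ...)
        if not fields:
            raise ValueError("data row encountered before #Fields: header")
        values = next(csv.reader([line]))
        values += [""] * (len(fields) - len(values))
        rows.append(dict(zip(fields, values)))
    return rows


def is_proxylogon_ssrf_pattern(row: Dict[str, str]) -> bool:
    """Microsoft's HttpProxy indicator for CVE-2021-26855: no authenticated
    user, and an AnchorMailbox of the form ServerInfo~<host>/<path>.
    An authenticated request with a ServerInfo~ anchor is normal backend
    routing and is deliberately not flagged."""
    anchor = row.get("AnchorMailbox", "")
    prefix = "ServerInfo~"
    return (
        row.get("AuthenticatedUser", "") == ""
        and anchor.startswith(prefix)
        and "/" in anchor[len(prefix):]
    )


def in_exposure_window(row: Dict[str, str]) -> bool:
    """True if the request timestamp falls in the 02/26-03/03 window."""
    ts = datetime.strptime(row["DateTime"][:19], "%Y-%m-%dT%H:%M:%S")
    return EXPOSURE_START <= ts < EXPOSURE_END


def find_suspicious_requests(text: str) -> List[Dict[str, str]]:
    """Return every row matching the SSRF pattern, annotated with the window flag.
    Hits outside the window are still returned: exploitation did not stop on 03/03."""
    hits: List[Dict[str, str]] = []
    for row in parse_httpproxy_log(text):
        if is_proxylogon_ssrf_pattern(row):
            hit = dict(row)
            hit["InKrebsWindow"] = in_exposure_window(row)
            hits.append(hit)
    return hits


if __name__ == "__main__":
    for hit in find_suspicious_requests(SAMPLE_LOG):
        print(hit["DateTime"], hit["ClientIpAddress"], hit["AnchorMailbox"],
              "in-window" if hit["InKrebsWindow"] else "outside-window")
```

Run against the constructed sample, the two unauthenticated ServerInfo~ requests from external addresses are reported; the authenticated EWS request with a ServerInfo~ anchor and the unauthenticated autodiscover request are not. A hit is a reason to pull the full HttpProxy and ECP logs and check the server for dropped files, not proof of compromise by itself.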

