Attack on Microsoft Exchange Server: an urgent critical vulnerability detected
Microsoft Exchange Server was subject to an attack by Hafnium which has since been detected. Now that the exploit has been made public and the attack mechanisms are known, there is an increased risk of other malicious users taking advantage of this vulnerability for monetary gain.
In the attacks observed, the threat actor used these vulnerabilities to access on-premise Exchange servers which enabled access to email accounts and allowed installation of additional malware to facilitate long-term access to victim environments. All this could be done without any need for authentication.
What action should be taken at this stage?
Several security updates have been released by Microsoft for Microsoft Exchange Server to address vulnerabilities that have been exploited in targeted attacks on a small scale.
STEP 1 – Check your Exchange version and install the recommended patches.
STEP 2 – Investigate for exploitation, persistence, or evidence of lateral movement to determine if you’ve already been compromised.
This is aimed at your IT department as well as your security department.
In conclusion, all the critical and official information can be found here 👇
What is the reason for the emergency?
Hafnium originally used a targeted exploit to access data but now that the attack mechanisms are known, it can be exploited for monetary gain through ransomware attacks by any ill intended hackers and organizations.
The ransomware creates encrypted copies of the targeted files by using an encryption key embedded in its binary. It then deletes the original versions of the targeted files. As a result, victims may be able to recover some data due to this encryption behaviour.
Would you like to stay up to date with the latest trheats? It’s huge time to subscribe to our SOC newsletter.