Security News > 2021 > March > Microsoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking Group

Microsoft late Tuesday raised the alarm after discovering Chinese cyber-espionage operators chaining multiple zero-day exploits to siphon e-mail data from corporate Microsoft Exchange servers.

In all, Microsoft said the attacker chained four zero-days into a malware cocktail targeting its Exchange Server product.

"In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments," Microsoft said.

CVE-2021-26855 is a server-side request forgery vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.

If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server.

First, the group gained access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise as someone who should have access.

News URL

http://feedproxy.google.com/~r/Securityweek/~3/N3Tfx1nZPIk/microsoft-4-exchange-server-zero-days-under-attack-chinese-apt-group