Security News > 2021 > March > Microsoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking Group
Microsoft late Tuesday raised the alarm after discovering Chinese cyber-espionage operators chaining multiple zero-day exploits to siphon e-mail data from corporate Microsoft Exchange servers.
In all, Microsoft said the attacker chained four zero-days into a malware cocktail targeting its Exchange Server product.
"In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments," Microsoft said.
CVE-2021-26855 is a server-side request forgery vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server.
First, the group gained access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise as someone who should have access.
News URL
Related news
- Microsoft fixes 6 zero-days under active attack (source)
- Chinese hacking groups target Russian government, IT firms (source)
- Microsoft August 2024 Patch Tuesday fixes 9 zero-days, 6 exploited (source)
- Windows Server August updates fix Microsoft 365 Defender issue (source)
- Microsoft Issues Patches for 90 Flaws, Including 10 Critical Zero-Days (source)
- Microsoft Patched 6 Actively Exploited Zero-Day Flaws (source)
- Microsoft Patches Zero-Day Flaw Exploited by North Korea’s Lazarus Group (source)
- Google fixes ninth Chrome zero-day exploited in attacks this year (source)
- Chinese Hackers Exploit Zero-Day Cisco Switch Flaw to Gain System Control (source)
- Microsoft: August updates cause Windows Server boot issues, freezes (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |