Security News > 2021 > March > Microsoft: Multiple Exchange Server Zero-Days Under Attack by Chinese Hacking Group

Microsoft late Tuesday raised the alarm after discovering Chinese cyber-espionage operators chaining multiple zero-day exploits to siphon e-mail data from corporate Microsoft Exchange servers.
In all, Microsoft said the attacker chained four zero-days into a malware cocktail targeting its Exchange Server product.
"In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments," Microsoft said.
CVE-2021-26855 is a server-side request forgery vulnerability in Exchange which allowed the attacker to send arbitrary HTTP requests and authenticate as the Exchange server.
If HAFNIUM could authenticate with the Exchange server then they could use this vulnerability to write a file to any path on the server.
First, the group gained access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise as someone who should have access.
News URL
Related news
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Broadcom fixes three VMware zero-days exploited in attacks (source)
- U.S. Charges 12 Chinese Nationals in State-Backed Hacking Operations (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)
- Microsoft March 2025 Patch Tuesday fixes 7 zero-days, 57 flaws (source)
- Apple fixes WebKit zero-day exploited in ‘extremely sophisticated’ attacks (source)
- Apple Releases Patch for WebKit Zero-Day Vulnerability Exploited in Targeted Attacks (source)
- URGENT: Microsoft Patches 57 Security Flaws, Including 6 Actively Exploited Zero-Days (source)
- Microsoft patches Windows Kernel zero-day exploited since 2023 (source)
- Patch Tuesday: Microsoft Fixes 57 Security Flaws – Including Active Zero-Days (source)
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-03-03 | CVE-2021-26855 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 0.0 |