A Basic Timeline of the Exchange Mass-Hack
2021-03-08 16:05

Here's a brief timeline of what we know leading up to last week's mass-hack, when hundreds of thousands of Microsoft Exchange Server systems got compromised and seeded with a powerful backdoor Trojan horse program.

Pressed for a date when it first became aware of the problem, Microsoft told KrebsOnSecurity it was initially notified "In early January." So far the earliest known report came on Jan. 5, from a principal security researcher for security testing firm DEVCORE who goes by the handle "Orange Tsai." DEVCORE is credited with reporting two of the four Exchange flaws that Microsoft patched on Mar. 2.

Microsoft credits Volexity with reporting the same two Exchange flaws as DEVCORE. Danish security firm Dubex says it first saw clients hit on Jan. 18, and reported their incident response findings to Microsoft on Jan. 27.

Feb. 18: Microsoft confirms with DEVCORE a target date of Mar. 9 for publishing security updates for the Exchange flaws.

Mar. 4: White House National Security Advisor Jake Sullivan tweets about the importance of patching the Exchange flaws, and how to detect whether systems are already compromised.

Mar. 10: Security firm ESET reports at least 10 "Advanced persistent threat" cybercrime and espionage groups have been exploiting the newly-exposed Exchange flaws for their own purposes.


News URL

https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/