Security News > 2021 > March > How the Microsoft Exchange hack could impact your organization
Early last week, Microsoft revealed that a China-based group called Hafnium has been launching cyberattacks against organizations by exploiting four zero-day vulnerabilities in on-premises versions of its Exchange Server software.
Calling this Microsoft Exchange/OWA hack a pretty elaborate attack, Michael Isbitski, Technical Evangelist at Salt Security, told TechRepublic that he suspects this will impact a lot of organizations still operating their own mail infrastructure rather than using a SaaS like Microsoft 365.
To help Exchange users tell if they've been compromised, Microsoft recommends two specific actions: Check your patch levels of Exchange Server, and scan your Exchange log files for indicators of compromise.
A blog post from the Microsoft Exchange team and a post from the Microsoft Security Response Center both offer additional details on installing and troubleshooting the patches and investigating for IOCs.What if your organization has been compromised?
"Patching their Exchange servers will prevent an attack if their Exchange server has not already been compromised," said Vectra CTO Oliver Tavakoli.
Another advisory from CISA indicated that all federal civilian departments and agencies running Microsoft Exchange on-premises products are required to update or disconnect the products from their networks until the Microsoft patches are applied.