Security News > 2021 > March > How cybercrime groups are exploiting the latest Microsoft Exchange flaws

How cybercrime groups are exploiting the latest Microsoft Exchange flaws
2021-03-10 20:58

Criminals have been targeting organizations that run Exchange hoping to breach ones that haven't patched the latest bugs, says ESET. Four critical zero-day vulnerabilities in Microsoft Exchange have paved the way for attackers to take over accessible Exchange servers even without knowing the credentials.

The four Exchange vulnerabilities in question were first uncovered by vulnerability researcher Orange Tsai, who reported them to Microsoft on Jan. 5, according to ESET. But security firm Volexity, which also alerted Microsoft, claims the exploitation of these flaws started on Jan. 3.

On Feb. 28, Tick hacked into the Exchange server of an IT company in East Asia, which means it exploited the vulnerabilities before Microsoft patched them.

A cyber espionage group targeting government agencies in Central Asia, the Middle East, South America and Asia, Calypso hacked into the Exchange servers of government groups in the Middle East and South America on March 1.

Starting March 5, this campaign deployed several PowerShell downloaders on multiple Exchange servers that had previously been targeted through the Exchange flaws.

Microsoft recommends two other actions: Check your patch levels of Exchange Server, and scan your Exchange log files for indicators of compromise.


News URL

https://www.techrepublic.com/article/how-cybercrime-groups-are-exploiting-the-latest-microsoft-exchange-flaws/#ftag=RSS56d97e7

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Microsoft 480 75 2308 5128 264 7775