How cybercrime groups are exploiting the latest Microsoft Exchange flaws
Criminals have been targeting organizations that run Exchange, hoping to breach those that haven't patched the latest bugs, says ESET. Four critical zero-day vulnerabilities in Microsoft Exchange have paved the way for attackers to take over accessible Exchange servers even without knowing the credentials.
The four Exchange vulnerabilities in question were first uncovered by vulnerability researcher Orange Tsai, who reported them to Microsoft on Jan. 5, according to ESET. But security firm Volexity, which also alerted Microsoft, claims the exploitation of these flaws started on Jan. 3.
On Feb. 28, Tick hacked into the Exchange server of an IT company in East Asia, which means it exploited the vulnerabilities before Microsoft patched them.
Calypso, a cyber espionage group targeting government agencies in Central Asia, the Middle East, South America and Asia, hacked into the Exchange servers of government groups in the Middle East and South America on March 1.
Starting March 5, this campaign deployed several PowerShell downloaders on multiple Exchange servers that had previously been targeted through the Exchange flaws.
Microsoft recommends two other actions: Check your patch levels of Exchange Server, and scan your Exchange log files for indicators of compromise.