Security News > 2021 > March > Microsoft Exchange Cyber Attack — What Do We Know So Far?

Microsoft on Friday warned of active attacks exploiting unpatched Exchange Servers carried out by multiple threat actors, as the hacking campaign is believed to have infected tens of thousands of businesses, government entities in the U.S., Asia, and Europe.

A successful exploitation of the flaws allows the adversaries to break into Microsoft Exchange Servers in target environments and subsequently allow the installation of unauthorized web-based backdoors to facilitate long-term access.

Chief among the vulnerabilities is CVE-2021-26855, also called "ProxyLogon", which permits an attacker to bypass the authentication of an on-premises Microsoft Exchange Server that's able to receive untrusted connections from an external source on port 443.

"CISA is aware of widespread domestic and international exploitation of Microsoft Exchange Server vulnerabilities and urges scanning Exchange Server logs with Microsoft's IoC detection tool to help determine compromise," the agency tweeted on March 6.

FireEye's Mandiant threat intelligence team said it "Observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment" since the start of the year.

Aside from rolling out fixes, Microsoft has published new alternative mitigation guidance to help Exchange customers who need more time to patch their deployments, in addition to pushing out a new update for the Microsoft Safety Scanner tool to detect web shells and releasing a script for checking HAFNIUM indicators of compromise.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/ETDAsUnOkuU/microsoft-exchange-cyber-attack-what-do.html