Security News > 2021 > March > Microsoft Exchange Servers Face APT Attack Tsunami

Recently patched Microsoft Exchange vulnerabilities are under fire from at least 10 different advanced persistent threat groups, all bent on compromising email servers around the world.
Microsoft said in early March that it had spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server.
This activity was quickly followed by a raft of other groups, including CactusPete and Mikroceen "Scanning and compromising Exchange servers en masse," according to ESET. "We have already detected webshells on more than 5,000 email servers as of the time of writing, and according to public sources, several important organizations, such as the European Banking Authority, suffered from this attack," according to the ESET report.
After the patches rolled out and the vulnerabilities were publicly disclosed, CactusPete compromised the email servers of an Eastern Europe-based procurement company and a cybersecurity consulting company, ESET noted.
The Mikroceen APT group compromised the Exchange server of a utility company in Central Asia, which is the region it mainly targets, a day after the patches were released.
Organizations with on-premise Microsoft Exchange servers should patch as soon as possible, researchers noted - if it's not already too late.
News URL
https://threatpost.com/microsoft-exchange-servers-apt-attack/164695/
Related news
- Microsoft Uncovers Sandworm Subgroup's Global Cyber Attacks Spanning 15+ Countries (source)
- Microsoft fixes bug causing Windows Server 2025 boot errors (source)
- Microsoft: Hackers steal emails in device code phishing attacks (source)
- New OpenSSH flaws expose SSH servers to MiTM and DoS attacks (source)
- Microsoft's End of Support for Exchange 2016 and 2019: What IT Teams Must Do Now (source)
- Microsoft fixes Power Pages zero-day bug exploited in attacks (source)
- Botnet targets Basic Auth in Microsoft 365 password spray attacks (source)
- Silver Fox APT Uses Winos 4.0 Malware in Cyber Attacks Against Taiwanese Organizations (source)
- New ClickFix attack deploys Havoc C2 via Microsoft Sharepoint (source)
- Over 37,000 VMware ESXi servers vulnerable to ongoing attacks (source)