Exchange flaws could be much worse than thought: Six hacking groups suspected of using the zero days pre-patch
2021-03-15 12:30

It's looking like the exploitation of critical Exchange flaws that Microsoft revealed at the start of the month could be much worse than folks first suspected.

An analysis by Slovak security shop ESET claims that six advanced criminal hacking groups, thought to have some level of state sponsorship, used the zero days to attack government and industry sites before the flaws were patched.

At the time, Microsoft claimed that only one Chinese-based hacking group, dubbed Hafnium, had illicitly exploited the dodgy code.

The timeline for this opens up some interesting possibilities, particularly in light of reports that the flaws were leaked from a February 23 alert sent by Microsoft to key security partners worldwide.

Either a state-sponsored team found and exploited the flaws - probably for a while before someone else found them - and then shared them out to similar groups.

Could anything make this whole Exchange mess worse? Possibly: Sysadmins have taken to Reddit to complain that Microsoft's MSERT malware protection tool is producing false positives for signs of the attacks on Exchange.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/03/15/in_brief_security/