No, I Did Not Hack Your MS Exchange Server

2021-03-28 17:40

New data suggests someone has compromised more than 21,000 Microsoft Exchange Server email systems worldwide and infected them with malware that invokes both KrebsOnSecurity and Yours Truly by name.

The Shadowserver Foundation, a nonprofit that helps network owners identify and fix security threats, says it has found 21,248 different Exchange servers which appear to be compromised by a backdoor and communicating with brian[.

These backdoors give an attacker complete, remote control over the Exchange server.

Watson said the Krebsonsecurity file will attempt to open up an encrypted connection between the Exchange server and the above-mentioned IP address, and send a small amount of traffic to it each minute.

Shadowserver found more than 21,000 Exchange Server systems that had the Babydraco backdoor installed.

There are hundreds of thousands of Exchange Server systems worldwide that were vulnerable to attack, and most of those have been patched over the last few weeks.

News URL

https://krebsonsecurity.com/2021/03/no-i-did-not-hack-your-ms-exchange-server/

#exchange #hack #server