Microsoft's Exchange Server Leaked Emails Of More Than 30,000 Organizations


Hackers are always on the move to find exploits. And when they find one, they will do whatever they can to get in, and steal.

According to a report from KrebsOnSecurity, four exploits have been found on Microsoft’s Exchange Server software, which reportedly led to over 30,000 U.S. governmental and commercial organizations having their emails hacked.

Microsoft also explained this on its own blog post, saying that the vulnerabilities allowed hackers to gain access to email accounts, and also gave them the ability to install malware to create backdoors, which might have let them to return to the compromised servers at a later time.

The attack has been ongoing since January 6th, and ramped up in late February.

While Microsoft has patched the bugs, the security experts at the cybersecurity firm said that the detection and cleanup process will be a massive, considering that targets included thousands of state and city governments, fire and police departments, school districts, financial institutions, and other organizations.

It was said the actor behind the campaign, was Chinese state-sponsored hacking group called Hafnium.

According to a tweet from Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, responding to a tweet from White House National Security Advisor Jake Sullivan, it is said that the campaign is a "real deal," considering its scale.

This news about the campaign first hit the news about a week earlier, when it was reported that Chinese hackers were actively targeting Microsoft Exchange servers, by exploiting zero-day vulnerabilities.

It's only at this time that researchers found the scale of the campaign, as they know how many servers that have been exactly targeted.

It's reported that Hafnium's activities was first spotted by security firm Volexity.

Its founder, Steven Adair, said that any organization that doesn't remove the hackers' backdoor will remains compromised, because the hackers could re-enter their networks to steal data or cause more damage until the web shell is removed.

"A massive, massive number of organizations are getting that initial foothold," says Adair. "It's a ticking time bomb that can be used against them at any point in time."

In a press conference, White House press secretary Jen Psaki warned anyone running the affected Exchange servers to quickly implement Microsoft's patch for rid the vulnerabilities.

"We are concerned that there are a large number of victims and are working with our partners to understand the scope of this."

"Network owners also need to consider whether they have already been compromised and should immediately take appropriate steps."

It should be noted that a White House press secretary commenting on specific cybersecurity issues is a rare instance.

And CISA, which is the U.S.’s primary defensive cybersecurity agency, is also not known to actively demand the entire U.S. government take protective steps to protect its cybersecurity.

"We are encouraged that many organizations are voluntarily sharing data with the world, among each other and with government institutions committed to defense. We’re grateful to researchers at Volexity and Dubex who notified us about aspects of this new Hafnium activity and worked with us to address it in a responsible way," said Microsoft in a separate blog post.

It should also be noted that the massive leak came to light, not long after Russian hackers have allegedly compromised the IT management tools from Solar Winds, which were used by some 18,000 organizations. That hacking campaign successfully breached at least half a dozen U.S. federal agencies.

Read The U.S. Government Fell For 'Solorigate', The Massive 'Grave Risk' Data Breach