Large-scale breach leaves Microsoft scrambling for patches

15th March 2021

There are thought to be “hundreds of thousands” of victims of a recent cyber-attack that targeted Microsoft Exchange users. Although Microsoft has managed to find and patch four of the flaws used to access their servers, it is said that this is still an ongoing issue.

The Chinese hackers (Hafnium) were exploiting these flaws to gain access to web-facing systems running the Microsoft Exchange software and to steal emails. The hackers left behind a password-protected web shell, which meant that no matter where they were, they had full admin access to the victims’ servers.

Microsoft has warned businesses that have been caught in this attack that the hacker group is state-backed. Steven Adair, the vice president of cyber security Volexity, who was thought to be the first person to report this breach to Microsoft, states: “Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server. The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organisation is already compromised.”

Somewhat surprisingly, it is now known that Microsoft was made aware of Exchange Server vulnerabilities around 1 month before Volexity contacted them and a whole 2 months before the actual attacks were carried out. This gave them plenty of time to resolve these issues, time which they didn’t take advantage of. Multiple news sources have asked Microsoft for a comment on this, but no comment has been released at the time of writing.

We know how important your business is to you. If you have any concerns regarding your cyber security, get in touch with us. And remember, if proof were ever needed, just because you access your live data from Microsoft’s Cloud, it does not mean you shouldn’t back up that data.

Photo by Matthew Manuel on Unsplash