March 10: According to Reuters, up to 60,000 Exchange Servers in Germany are exposed to Exchange Server vulnerabilities.

March 10: ESET Research finds 10 Advanced Persistent Threat (APT) cybercrime groups are exploiting the Exchange flaws for various purposes. This includes groups known as LuckyMouse, Calypso, TontoTeam, and DLTMiner.

The process starts with creating a forensic image of the system.

March 8: The CISA issues an alert recommending five steps organizations can take to address Exchange vulnerabilities immediately.

March 5-8: Microsoft sees increased attacks by malicious actors beyond Hafnium, also targeting the vulnerabilities the Chinese group exploited.

The software vulnerabilities involved include CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065; together, these are commonly referred to as ProxyLogon. Microsoft has released updates addressing Exchange Server versions 2010, 2013, 2016, and 2019.

According to the Microsoft Threat Intelligence Center (MSTIC), Hafnium is suspected to be state-sponsored and operating out of China, primarily targeting organizations in the United States across multiple industry segments and operating primarily via leased virtual private servers (VPSs) in the U.S. On the same day, Microsoft announced they suspected the attacks were carried out by a previously unidentified Chinese hacking group they dubbed Hafnium.

Over the next few days, over 30,000 organizations in the US were attacked as hackers used several Exchange vulnerabilities to gain access to email accounts and install web shell malware, giving the cybercriminals ongoing administrative access to the victims’ servers.

On MaMicrosoft detected multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server.