According to a KrebsOnSecurity report, four vulnerabilities in Microsoft Exchange Server were exploited to break into the email servers of more than 30,000 US commercial and government organizations, the work of several groups that target Microsoft Exchange, as we will see.

How this attack on Microsoft Exchange happened and what caused it

But how did this happen? Earlier this month, Microsoft released an out-of-band set of patches for Exchange Server 2013, 2016 and 2019 that fix several vulnerabilities allowing remote code execution. Used in combination, they let an attacker take control of an Exchange server without any authentication credentials, which is why Exchange servers reachable from the Internet were especially exposed.

In each of the attacks observed, the intruders left behind a "web shell": a small, password-protected script dropped into the server's web directory that can be reached from any browser. The web shell gives the attackers administrative-level access to the compromised server whenever they choose to come back.

Microsoft has already patched the vulnerabilities, but security experts who spoke with Krebs say that the cleanup, that is, finding and removing the web shells and whatever else the intruders installed, will be a much larger effort for the thousands of state governments and organizations that were affected.

The first recommendation, of course, is to install the Exchange patches as soon as possible, including on servers that are not exposed to the Internet, since leaving them unpatched puts their data at risk. Keep in mind that patching only closes the door: if a server was already compromised, the web shell is still there, so check the server's web directories for unexpected files and the IIS logs for unusual requests before treating the server as clean.
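The check described above (a web shell is a script sitting in the server's web directory, and patching does not remove it), as an added example that is not part of the original article or of any tool it mentions. The script walks a directory tree and flags ASP.NET pages that read a request parameter, feed input to eval or a process launch, or gate access behind a hard-coded password. The indicator regexes, the two-hit threshold, the sample file names and the sample page contents are all assumptions made for this example, not indicators published by Microsoft, ESET or KrebsOnSecurity.

```python
"""Added example (not from the original article): a minimal hunt for web
shells left in an Exchange front-end web directory.

Every .aspx/.ashx/.asp/.asmx file under a root is checked for generic
web-shell indicators. The regexes and the threshold are assumptions made
for this example, not published IOCs.
"""
import os
import re
import tempfile
from datetime import datetime, timezone

# (name, regex): a file is reported when at least MIN_HITS distinct indicators
# fire, so a page that merely reads a form field is not flagged on its own.
INDICATORS = [
    ("request-param", re.compile(r'Request\s*(\[|\.Form\[|\.QueryString\[|\.Item\[)', re.I)),
    ("eval",          re.compile(r'\b(eval|Execute|Jscript\.Eval)\s*\(', re.I)),
    ("process",       re.compile(r'Process\.Start|cmd\.exe|powershell', re.I)),
    ("password-gate", re.compile(r'(password|passwd|pwd)\W{0,4}(==|!=|\.Equals)', re.I)),
]
MIN_HITS = 2
WEB_EXTENSIONS = {".aspx", ".ashx", ".asp", ".asmx"}


def indicator_hits(text):
    """Names of the indicators that fire on the given page source."""
    return [name for name, rx in INDICATORS if rx.search(text)]


def scan_file(path):
    """Indicator hits for one file; unreadable files count as clean."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            return indicator_hits(fh.read())
    except OSError:
        return []


def hunt(root, newer_than=None):
    """Walk `root` and return (path, hits, mtime) for each suspicious file.

    A file is suspicious when it hits MIN_HITS indicators, or when it hits any
    indicator and was modified after `newer_than` (e.g. the last known-good
    deployment). Timestamps can be forged, so content is the primary signal.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if os.path.splitext(name)[1].lower() not in WEB_EXTENSIONS:
                continue
            path = os.path.join(dirpath, name)
            hits = scan_file(path)
            if not hits:
                continue
            mtime = datetime.fromtimestamp(os.path.getmtime(path), tz=timezone.utc)
            recent = newer_than is not None and mtime > newer_than
            if len(hits) >= MIN_HITS or recent:
                findings.append((path, hits, mtime))
    return findings


# Constructed sample pages (not real Exchange files or real attacker artifacts):
# a benign logon page and a file shaped like a password-gated command shell.
BENIGN_PAGE = '<%@ Page Language="C#" %>\n<html><body>Sign in to Outlook</body></html>\n'
SHELL_PAGE = (
    '<%@ Page Language="C#" %>\n'
    '<% if (Request["pwd"] == "s3cret") '
    '{ System.Diagnostics.Process.Start("cmd.exe", "/c " + Request["cmd"]); } %>\n'
)


def build_sample_tree():
    """Write the two sample pages into a temp dir (hypothetical names) and return its path."""
    root = tempfile.mkdtemp(prefix="owa-auth-sample-")
    with open(os.path.join(root, "logon.aspx"), "w", encoding="utf-8") as fh:
        fh.write(BENIGN_PAGE)
    with open(os.path.join(root, "supp0rt.aspx"), "w", encoding="utf-8") as fh:
        fh.write(SHELL_PAGE)
    return root


if __name__ == "__main__":
    for path, hits, mtime in hunt(build_sample_tree()):
        print(f"SUSPICIOUS {path}  indicators={','.join(hits)}  modified={mtime:%Y-%m-%d %H:%MZ}")
```

On a real server, point `hunt()` at the Exchange front-end web directories and pass `newer_than` as the date of the last legitimate deployment; the list it prints is a starting point for manual triage (read the file, compare it with a clean install, check the IIS logs for requests to it), not a verdict, and a shell that obfuscates its strings will slip past regexes like these.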

ESET identified more than 10 different threat actors exploiting these recent Microsoft Exchange vulnerabilities to install implants on victims' email servers. Among the groups identified are:

▸LuckyMouse: compromised a mail server at a government entity in the Middle East. The group appears to have had access to the exploit at least a day before Microsoft released the patches, when it was still a zero-day.

▸Calypso: compromised mail servers at government entities in the Middle East and South America, also while the exploit was still a zero-day. The group later attacked public and private entities in Africa, Asia and Europe.

See also:
Security vulnerabilities in Email services
The day that Uber suffered a cyber attack
