Microsoft Exchange Server hack affects at least 30,000 organizations


It was impossible to miss news of the massive SolarWinds cyberattack that occurred late last year. Countless organizations were affected by it and the extent of the hack is still being investigated. Now, another wide-scale attack has been discovered.

According to well-known cybersecurity journalist Brian Krebs, multiple vulnerabilities in Microsoft’s Exchange Server software have put 30,000 organizations at risk. U.S. government divisions and commercial businesses alike seem to be affected by the attack.

At this time, it’s unclear exactly who is behind it. However, both Wired and Krebs report that a Chinese hacking group by the name of Hafnium appears to be responsible.

Authorities and the involved organizations are scrambling to determine how severe the attack is and how their systems may be affected.

Major Impact

Typically, a successful cyberattack only targets one organization or a group that is connected by the same network infrastructure. Attacks like the ones targeting SolarWinds and Exchange Server reveal how third-party software can pose a serious security risk. Since those applications are deeply ingrained in a company’s network, they can cause major problems if they are compromised.

Krebs notes that the recent attack gave hackers total control over the systems of affected companies and organizations. In response, Microsoft offered emergency security updates on March 2 to try to stop the hackers from stealing further data.

However, experts later found a password-protected hacking tool called a web shell on the affected systems. This allows the hackers to regain remote control and administrative access at a later date.

In a tweet on Friday, former Cybersecurity and Infrastructure Security Agency (CISA) head Chris Krebs (not related to Brian Krebs) said, “This is a crazy huge hack. The numbers I’ve heard dwarf what’s reported here & by my brother from another mother (@briankrebs). Why, though? Is this a flex in the early days of the Biden admin to test their resolve? Is it an out of control cybercrime gang? Contractors gone wild?”

At this point, the motivations behind the attack remain unclear.

More to Come

Those who followed the SolarWinds saga know that there are always more details being unveiled in the wake of a massive cyberattack. History is likely to repeat itself following this event.

At the time of this writing, an official list of the affected companies and organizations hasn’t been released. Until that happens, it’s impossible to grasp the full extent of the attack and what fallout could occur as a result. Nonetheless, it appears that the hack has far-reaching and very serious effects.

In the meantime, Microsoft is working with authorities to investigate the attack. A company spokesperson said that it is “working closely with CISA, other government agencies, and security companies, to ensure we are providing the best possible guidance and mitigation for our customers.”

Microsoft goes on to recommend that anyone using its Exchange Server software should apply the updates it rolled out as soon as possible.

