Microsoft Exchange Attack: 30,000 Servers Compromised


March 8, 2021

If you haven’t patched your Microsoft Exchange Server recently you should seriously consider it. There are FOUR “zero-day” vulnerabilities currently wrecking havoc around the with tens of thousands of organizations affected.

The vulnerabilities are:

  • CVE-2021-26855
  • CVE-2021-26857
  • CVE-2021-26858
  • CVE-2021-27065

Microsoft issued emergency patches last week for the four vulnerabilities (which you can read more about here). Microsoft believes the hacking team behind the attacks, called Hafnium, is most likely based in China.

The United States Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an order directing organizations apply the recently released patches.

Microsoft, in their statement regarding the issue, said “nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.”

Hafnium perpetrates their attacks by deploying “web shells” on the afflicted Exchange servers. Their intent is to steal data and installing malware.

You can find out more about the vulnerabilities here on Microsoft’s update guide page:

Like our blog? You can view more posts down below.

Carl Keyser is the Content Manager at Integris.

Keep reading

A Personal Twist on Zero Trust Security

A Personal Twist on Zero Trust Security

The massive Australian data breach in late September inspires me to share a personal twist on Zero Trust Security. What makes this incident colossal? BBC News Australia reports, "Australian telecommunications giant Optus revealed about 10 million customers - about 40%...

4 Cybersecurity Takeaways from China’s Largest Data Breach

4 Cybersecurity Takeaways from China’s Largest Data Breach

Cybersecurity drama strikes again as human error leads to China's biggest data breach and perhaps the most significant hack of personal information in history. According to Threat Post, the incident was triggered after a Chinese government software developer wrote a...

The Business Impact of the AGCO Ransomware Attack

The Business Impact of the AGCO Ransomware Attack

On May 6, 2022, global agricultural equipment manufacturer and distributor AGCO announced they were victims of a ransomware attack. The cyber assault hit some of their production facilities on May 5. Restoring operations to normal will take several or more days. While...