Microsoft Exchange Server Attack Timeline

by

March 9, 2021

Brian Krebs over at Krebsonsecurity.com has put together a handy timeline regarding the recent string of Microsoft Exchange Server attacks.

The timeline starts on January 6th and runs up to the present. Here are the first two months of the time line according to Mr. Krebs:

  • Jan. 5: DEVCORE alerts Microsoft of its findings.
  • Jan. 6: Volexity spots attacks that use unknown vulnerabilities in Exchange.
  • Jan. 8: DEVCORE reports Microsoft had reproduced the problems and verified their findings.
  • Jan. 11: DEVCORE snags proxylogon.com, a domain now used to explain its vulnerability discovery process.
  • Jan. 27: Dubex alerts Microsoft about attacks on a new Exchange flaw.
  • Jan. 29: Trend Micro publishes a blog post about “Chopper” web shells being dropped via Exchange flaws (but attributes cause as Exchange bug Microsoft patched in 2020)
  • Feb. 2: Volexity warns Microsoft about active attacks on previously unknown Exchange vulnerabilities.
  • Feb. 8: Microsoft tells Dubex it has “escalated” its report internally.
  • Feb. 18: Microsoft confirms with DEVCORE a target date of Mar. 9 (tomorrow) for publishing security updates for the Exchange flaws. That is the second Tuesday of the month — a.k.a. “Patch Tuesday,” when Microsoft releases monthly security updates (and yes that means check back here tomorrow for the always riveting Patch Tuesday roundup).
  • Feb. 26-27: Targeted exploitation gradually turns into a global mass-scan; attackers start rapidly backdooring vulnerable servers.

You can read the rest of it over on his blog.

Like our blog? Subscribe using the CTA in the upper right-hand corner of this page. Feel like sharing your thoughts with us? Use the comment section below.

Carl Keyser is the Content Manager at Integris.

Keep reading

Strong Cybersecurity Postures: How to Unleash their Power

Strong Cybersecurity Postures: How to Unleash their Power

In the vast digital landscape where virtual dragons and sneaky trolls roam a strong cybersecurity posture has never been more important. Imagine a band of modern-day knights led by our protagonist, Alex. Armed with a trusty laptop and a cup of coffee, Alex navigates...

How to Spot a Phishing Attack in 2023

How to Spot a Phishing Attack in 2023

In 2023 cyber threats lurk behind every tree trunk in today's digital jungle, and cybersecurity awareness is more critical than ever. Among the craftiest of these threats are phishing attacks. Phishing attacks are cunningly engineered with social manipulation at their...

How to Choose an IT Consultant in Boulder, CO

Regardless of industry size or type, Boulder IT consultants play a massive role in the way companies in the Boulder area do business. While most companies may have their own in-house IT department, many of these departments are small and cannot handle all the...