‘Hundreds of thousands’ of victims in Microsoft Exchange Server attacks

Even if you patched the same day Microsoft released fixes, there’s every chance a web shell is on your server

There are potentially hundreds of thousands of victims from cyber attacks exploiting newly-discovered Microsoft Exchange Server vulnerabilities, with the White House urging businesses to patch their systems immediately.

US-based victims exceed 30,000, including small businesses, towns and cities as well as local government organisations, according to security researcher Brian Krebs, with Chinese hackers determined to steal their email communications.

This figure, however, only represents a portion of the “hundreds of thousands” of servers that state-backed Chinese hackers have seized, based on information provided to Krebs by two security experts. Each targeted server, deployed to process email communications, represents roughly one organisation.

“This is an active threat,” White House press secretary Jen Psaki said at a press briefing, as reported by BBC News. “Everyone running these servers - government, private sector, academia - needs to act now to patch them.”

She added that the White House was concerned “there are a large number of victims” and that these vulnerabilities discovered last week could have “far-reaching impacts”.

Microsoft patched four actively exploited flaws in several versions of its Microsoft Exchange Server service last week, which attackers were taking advantage of to steal emails from web-facing systems running the software. 

In these attacks, the perpetrators left behind a password-protected web shell that could be accessed from anywhere, giving them administrative access to victims’ servers.

The company also warned businesses that this charge was being led by state-backed hackers, specifically the Hafnium group, although it refrained from disclosing how many victims there were at the time.

The US Cybersecurity and Infrastructure Security Agency (CISA) then ordered US federal agencies to immediately patch their Exchange Server installations, or disconnect the programme until it can be reconfigured, for fear of falling victim to hacking attempts.

“Patching and mitigation is not remediation if the servers have already been compromised,” the White House’s National Security Council also tweeted. “It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted.”

Vice president of Volexity, Steven Adair, who first reported the Exchange flaws to Microsoft, also told KrebsOnSecurity that the hacking group first exploited these bugs on 6 January, but shifted into a much higher gear over the last few days.

“Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server,” he said. “The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”
