‘Hundreds of thousands’ of victims in Microsoft Exchange Server attacks

Even if you patched the same day Microsoft released fixes, there’s every chance a web shell is on your server

The Microsoft Exchange Server software being accessed on a notebook device

There are potentially hundreds of thousands of victims from cyber attacks exploiting newly-discovered Microsoft Exchange Server vulnerabilities, with the White House urging businesses to patch their systems immediately.

US-based victims exceed 30,000 including small businesses, towns and cities as well as local government organisations, according to security researcher Brian Krebs, with Chinese hackers determined to steal their email communications.

This figure, however, only represents a portion of “hundreds of thousands” of servers that state-backed Chinese hackers have seized, based on information provided to Krebs by two security experts. Each targeted server, deployed to process email communications, represents roughly one organisation here. 

“This is an active threat,” White House press secretary Jen Psaki said at a press briefing, as reported by BBC News. “Everyone running these servers - government, private sector, academia - needs to act now to patch them." 

She added that the White House was concerned “there are a large number of victims” and that these vulnerabilities discovered last week could have “far-reaching impacts”.

Microsoft patched four actively exploited flaws in several versions of its Microsoft Exchange Server service last week, which attackers were taking advantage of to steal emails from web-facing systems running the software. 

In these attacks, the perpetrators left behind a password-protected web shell that could be accessed from anywhere, giving them administrative access to victims’ servers.

The company also warned businesses that this charge was being led by state-backed hackers, specifically the Hafnium group, although refrained from disclosing how many victims there were at the time.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

The US Cybersecurity and Infrastructure Security Agency (CISA) then ordered US federal agencies to immediately patch their Exchange Server installations, or disconnect the programme until it can be reconfigured, for fear of falling victim to hacking attempts.

“Patching and mitigation is not remediation if the servers have already been compromised,” the White House’s National Security Council also tweeted. “It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted.”

Vice president of Volexity, Steven Adair, who first reported the Exchange flaws to Microsoft, also told KrebsonSecurity that the hacking group first exploited these bugs on 6 January, but shifted into a much higher gear over the last few days.

“Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server,” he said. “The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

What is cyber warfare?
Security

What is cyber warfare?

23 Mar 2021
HackBoss malware is using Telegram to steal cryptocurrency from other hackers
cryptocurrencies

HackBoss malware is using Telegram to steal cryptocurrency from other hackers

16 Apr 2021
FBI shuts down web shells in hacked Exchange servers
cyber security

FBI shuts down web shells in hacked Exchange servers

14 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
UK exploring plans to launch its own digital currency
digital currency

UK exploring plans to launch its own digital currency

19 Apr 2021