Just this week, Microsoft announced that one of its email products, Exchange, had been hacked by Chinese hackers. The Chinese state-sponsored threat actor, dubbed “HAFNIUM,” is reportedly exploiting several zero-day flaws in Microsoft Exchange servers all over the globe. According to the company’s internal investigation, the hack appears to be an effort to steal users’ data, and the software giant has sought to play it down by calling it “limited and targeted” in nature. The hack is now beginning to look like a massive attack, and it is still ongoing.
It’s not the first time Microsoft has been compromised in a hacking campaign, but the recent hack is said to be totally unrelated to the previous one, SolarWinds. Exchange is one of Microsoft’s email products; it works with mail clients like Microsoft Office and keeps updates synchronized across devices. The service is used very widely all over the world, and the data of thousands of users and companies is now at risk of a breach.
Agencies Running These Servers Need to Patch Them
Although Microsoft has termed the hack a “limited and targeted” attack, numerous parties, including the White House, have expressed concern about the extent of the attack. An official spokesperson from the US administration, Jen Psaki, said, “Everyone running these servers — government, private sector, academia — needs to act now to patch them.” The spokesperson further added, “We are concerned that there are a large number of victims and are working with our partners to understand the scope of this.” All network operators are also urged to take it very seriously.
Apart from this, CISA has mandated that all federal agencies patch their Exchange servers if they’re using them. The attack is expected to affect tens of thousands of users and agencies. KrebsOnSecurity on Friday said that “at least 30,000” US organizations have been hacked via the newly discovered flaws in Exchange servers. The report also claimed that potentially hundreds of thousands of such servers worldwide were hacked as a result of this hacking campaign. Similarly, Reuters reported that more than “20,000 American organisations” have been compromised.
Judging by the reactions from federal agencies and the direct concerns from the Biden administration, it clearly looks like Microsoft has downplayed the threat. National Security Advisor to President Biden, Jake Sullivan, also tweeted that the administration was alarmed. A more concerning report comes from Huntress, a security firm that detailed the extent to which web shells have been deployed against unpatched Microsoft servers.
As per the Huntress report, the security firm has identified over 176 of its partners’ servers that have received the web-shell payload. When asked, Microsoft responded that it recommends customers update as soon as possible. The company said in its blogs that it anticipates many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.
This seems to be one of the biggest security breaches in recent times and we recommend you patch your Exchange servers as soon as possible.