Mandiant: MS Exchange bugs first exploited in January
Analysis from technical teams at FireEye’s Mandiant tracked activity exploiting newly disclosed vulnerabilities in Microsoft Exchange Server more than a month ago
Share this item with your network: By Published: 05 Mar 2021 15:00
Malicious actors were abusing four vulnerabilities disclosed this week in on-premise instances of Microsoft Exchange Server as far back as January 2021, according to a new report produced by FireEye Mandiant researchers Matt Bromiley, Chris DiGiamo, Andrew Thompson and Robert Wallace.
Disclosed earlier this week alongside an out-of-sequence patch, exploitation of the four vulnerabilities, one rated critical and three medium, was linked by Microsoft to a Chinese advanced persistent threat (APT) group known as Hafnium, although there is already bountiful evidence to suggest exploitation of the CVEs goes far beyond one group.
Chinese cyberespionage group hacks US organisations with Exchange zero-day flaws
Microsoft believes Chinese APT group Hafnium is using a set of previously unknown Exchange Server vulnerabilities to access mailbox contents and perform remote code execution. Credit: Microsoft
Microsoft has released emergency patches for four previously unknown vulnerabilities in Exchange Server that a cyberespionage group was exploiting to break into organizations. The flaws allow the extraction of mailbox contents and the installation of backdoors on vulnerable servers.
Microsoft attributes the attacks to a Chinese APT group dubbed Hafnium that has a history of exploiting vulnerabilities in internet-facing servers and targeting Office 365 users. The group has targeted entities in the US including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.
Microsoft Exchange CVEs more widely exploited than thought
US CISA issues emergency guidance as impact of four newly disclosed Microsoft Exchange vulnerabilities becomes clearer
Share this item with your network: By Published: 04 Mar 2021 14:49
The US government’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning all government civilian departments and agencies running an on-premise Microsoft Exchange installation to update or disconnect the product as the impact of four newly disclosed vulnerabilities – CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065 – spreads.
The CISA has also called on US agencies to collect forensic images and search for known indicators of compromise (IOCs) in response to active exploitation of the vulnerabilities, which have prompted an out-of-sequence patch from Microsoft.
Chinese cyberespionage group hacks US organisations with Exchange zero-day flaws reseller.co.nz - get the latest breaking news, showbiz & celebrity photos, sport news & rumours, viral videos and top stories from reseller.co.nz Daily Mail and Mail on Sunday newspapers.