An ongoing phishing operation that stole an estimated 400,000 OWA and Office 365 credentials since December has now expanded to abuse new legitimate services to bypass secure email gateways (SEGs).
Serious vulnerabilities in Microsoft Exchange have been exploited by at least 10 APT groups that have collectively been hitting thousands of companies over the
March 8, 2021
Sometimes when a complex story takes us by surprise or knocks us back on our heels, it pays to revisit the events in a somewhat linear fashion. Here’s a brief timeline of what we know leading up to last week’s mass-hack, when hundreds of thousands of
When did Microsoft find out about attacks on previously unknown vulnerabilities in Exchange?
Pressed for a date when it first became aware of the problem, Microsoft told KrebsOnSecurity it was initially notified “in early January.” So far the earliest known report came on Jan. 5, from a principal security researcher for security testing firm DEVCORE who goes by the handle “Orange Tsai.” DEVCORE is credited with reporting two of the four Exchange flaws that Microsoft patched on Mar. 2.
By Ryan Naraine on March 02, 2021
Microsoft late Tuesday raised the alarm after discovering Chinese cyber-espionage operators chaining multiple zero-day exploits to siphon e-mail data from corporate Microsoft Exchange servers.
Redmond’s warning includes the release of emergency out-of-band patches for four distinct zero-day vulnerabilities that formed part of the threat actor’s arsenal.
Microsoft pinned the blame on a sophisticated Chinese APT operator called HAFNIUM that operates from leased VPS (virtual private servers) in the United States.
HAFNIUM primarily targets entities in the U.S. across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks, and NGOs.