On Friday, cybersecurity journalists Brian Krebs and Andy Greenberg reported that 30,000 organizations were compromised in an unprecedented email server hack believed to have originated from a state-sponsored Chinese hacking group known as Hafnium.

Over the weekend, the estimate doubled to 60,000 Microsoft Exchange Server customers hacked around the world, with the European Banking Authority being one of the victims, and Microsoft seems to have taken a little too long to recognize the severity and patch it. Krebs has put together a basic timeline of the large-scale Exchange Server hack. Microsoft confirmed that it was aware of the vulnerability in early January.

This was about two months before Microsoft published its first patch set, alongside blog posts that didn't explain the extent or scale of the attack. Initially, it even planned to wait for one of its standard Patch Tuesdays, but it relented and pushed the patches out a week early.

Currently, MIT Technology Review reports that Hafnium may not be the only threat, citing cybersecurity analysts who claim that at least five hacking groups appear to be actively exploiting flaws in Exchange Server as of Saturday. Government officials are reportedly struggling to do something, and one state official has told CyberScoop that it's a large-scale F'ing deal.

More diplomatically, White House spokesperson Jen Psaki called it an aggressive threat and drew more attention to the emergency directive sent by the Department of Homeland Security's cybersecurity agency on March 3. The White House's national security advisor, Jake Sullivan, has warned about it as well, as have Christopher Krebs, a former director of the Cybersecurity and Infrastructure Security Agency, and the White House's National Security Council.

This is the real thing. If your organization is running an OWA server published on the Internet, assume that the breach occurred between 02/26-03/03. Check for 8-character aspx files in C:\inetpub\wwwroot\aspnet_client\system_web. If the search hits, you are in incident response mode. https://t.co/865Q8cc1Rm

Chris Krebs (@C_C_Krebs) March 5, 2021
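The check described in the tweet above, as an added PowerShell example that is not part of the original article or the tweet. It assumes PowerShell 4.0 or later, reads "8-character" as the file name before `.aspx`, and takes the year 2021 from the tweet's date; the function name `Find-EightCharAspx` is hypothetical.

```powershell
# Added example: triage for the directory named in the tweet.
# Path and date window come from the tweet; the year is assumed from its date.
$Root        = 'C:\inetpub\wwwroot\aspnet_client\system_web'
$WindowStart = [datetime]'2021-02-26'
$WindowEnd   = [datetime]'2021-03-04'   # exclusive, so all of 03/03 is covered

function Find-EightCharAspx {
    param(
        [Parameter(Mandatory = $true)] [string] $Path
    )
    if (-not (Test-Path -LiteralPath $Path)) {
        Write-Warning "Path not found: $Path"
        return
    }
    # -Force includes hidden files; the extension is re-checked because
    # -Filter matching on Windows can be looser than the pattern suggests.
    Get-ChildItem -LiteralPath $Path -Recurse -File -Force -Filter '*.aspx' -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -eq '.aspx' -and $_.BaseName.Length -eq 8 } |
        ForEach-Object {
            $created  = $_.CreationTime
            $modified = $_.LastWriteTime
            [pscustomobject]@{
                FullName    = $_.FullName
                CreatedUtc  = $_.CreationTimeUtc
                ModifiedUtc = $_.LastWriteTimeUtc
                # Timestamps can be altered, so this is a triage hint only;
                # files outside the window are still reported.
                InWindow    = (($created  -ge $WindowStart -and $created  -lt $WindowEnd) -or
                               ($modified -ge $WindowStart -and $modified -lt $WindowEnd))
                Sha256      = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
            }
        }
}

$hits = @(Find-EightCharAspx -Path $Root)
if ($hits.Count -gt 0) {
    # Any hit is a lead for incident response: preserve the file, do not just delete it.
    $hits | Sort-Object CreatedUtc | Format-List
} else {
    "No 8-character .aspx files found under $Root"
}
```

An empty result covers only this one directory and does not show that the server is clean.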

Patching and mitigation is not a remedy if the server has already been compromised. Organizations using vulnerable servers need to take immediate action to determine if they are already targeted. https://t.co/HYKF2lA7sn

National Security Council (@WHNSC) March 6, 2021

At this point, the message should be clear that anyone who has a local Microsoft Exchange Server (2010, 2013, 2016, or 2019) installed needs to patch and scan, but we are only beginning to understand the extent of the damage. Hackers have allegedly installed malware that can let them back into those servers, and it's still unclear what they have already taken.

"We are undertaking a whole of government response to assess and address the impact," reads part of an email from a White House official, according to Bloomberg.

Microsoft did not immediately respond to a request for comment regarding the timing of its patches and disclosures.

