United StatesMore than 30,000 government, business and corporate entities have been hacked via Microsoft’s Exchange Server vulnerability.
According to the security company report KrebsOnSecurity, Server vulnerabilities Exchange Connected, but the solution will be difficult due to the popularity of this email system. Currently, the Exchange Email server is sent from state and city governments to the U.S. Fire Department, police, and financial institutions.
Before, Wire It has also been reported that “tens of thousands of email servers” have been compromised due to the vulnerability of Exchange servers. Microsoft Vulnerability allows hackers to compromise email accounts and install malicious code so that they can be accessed later. And American software companies Suspicion Hafniam – a group of hackers based in China – is behind the crime.
According to the analysis KrebsOnSecurity, The attack took place on January 6 – the day of the Capitol Hill riots – but by the end of February the frequency had risen sharply. The vulnerabilities were actually only linked to by Microsoft on March 2, which means the hacker had almost two months of attack operations.
Hackers attacked Microsoft’s transfer email server systems with zero-day vulnerabilities, including CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. “If your computer is running a transaction and not connected, the system is more likely to be compromised,” said Volexity, a representative of the cyber security company that detected the attack. Volexity also said that individual customers were not the target of the attack.
Following the attack, White House National Security Adviser Jake Sullivan and former White House Director of Network Security and Infrastructure Chris Krebs expressed concern over Twitter. Both rated Microsoft’s vulnerabilities as “significant” and said they could cause major, long-term harm.
Currently, a detailed list of affected companies has not been released. A Microsoft spokesman said the company was “working closely with US cybersecurity agencies, government agencies and security agencies to mitigate the effects”, as well as advising teams on transfer server users that should be linked soon.
Pao Lam (Follow On the edge)