Microsoft Exchange flaws now being used by hackers around the world

Researchers urge administrators to patch their Exchange servers without delay


Security researchers have discovered over ten different hacking groups actively exploiting the zero-day vulnerability in Microsoft Exchange email server, despite the company’s initial attempts to play down the cyberattacks.

Microsoft Threat Intelligence Center (MSTIC) first detected the vulnerabilities being exploited by a Chinese state-sponsored threat actor dubbed Hafnium.

ESET researchers have now identified over 5000 hacked email servers from all over the world belonging to businesses and governments, leading them to believe that the now-patched vulnerability is being exploited by several attackers.

“The day after the release of the patches, we started to observe many more threat actors scanning and compromising Exchange servers en masse,” said ESET researcher Matthieu Faou, adding that “it is inevitable that more and more threat actors, including ransomware operators, will have access to the exploits sooner or later.”

Tip of the iceberg?

As previously reported, security experts now estimate that over 30,000 US governmental and commercial organizations may have already had their emails hacked following the attack on servers across the country, precipitating a statement from the White House.

While Microsoft has already issued a patch to fix the vulnerability, the US government agrees with security experts that the attacks aren’t over.

Speaking to TechRadar Pro, Adrien Gendre, chief product and services officer at email security vendor Vade Secure, said he believes the worst is still to come as the attackers have likely left backdoors for them to return to later.

“Based on our knowledge of prior incidents, parties affected can expect to see a rise in spear phishing attacks in the coming weeks, all of which will be highly qualitative with proper context and potentially contain history of past email conversations to lend credibility to the scams,” Gendre said.

The latest insight from ESET backs up Gendre’s opinion. Using telemetry data, ESET has identified over ten different threat actors that it believes have leveraged the Exchange vulnerability to install malware like webshells and backdoors on their victims’ email servers.

“The incident is a very good reminder that complex applications such as Microsoft Exchange or SharePoint should not be open to the internet,” ESET’s Faou added, urging admins to patch the Exchange servers, including those that aren’t directly exposed to the internet.

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.
