Chinese hackers attacked 'thousands' of firms by exploiting Microsoft Exchange

Microsoft also published a script on GitHub which allows organizations to check whether their Exchange servers are compromised. (Reuters)
Updated: 07 Mar 2021, 03:54 PM IST. Prasid Banerjee

Security vulnerabilities found in Microsoft’s Exchange email servers have reportedly allowed a Chinese hacking group to compromise “hundreds of thousands of email accounts”, says a report by security news website KrebsOnSecurity. The Microsoft Exchange Server is an email and calendaring service that’s offered by Microsoft and used by organizations and government bodies across the globe, including India.

Cybersecurity firm Volexity, which discovered the attacks, said they began “as early as” 6 January 2021. Microsoft issued emergency security updates to patch these vulnerabilities on 2 March, but according to a report by KrebsOnSecurity, the group has “dramatically stepped-up attacks” on any vulnerable and unpatched Exchange servers. The cyber espionage group, called Hafnium, is believed to have ties to the Chinese government, though security experts haven't confirmed it yet.

Microsoft noted that the hackers could not only exploit the vulnerabilities to gain access to email accounts, but could also leave behind malware that would let them access these servers in future. Such hacks can be used to target specific government officials, steal sensitive data from organizations and more.

The US Cybersecurity and Infrastructure Security Agency (CISA) issued an alert on 6 March. India’s Computer Emergency and Response Team (CERT-In) had issued an advisory a day earlier, on 5 March. “Multiple vulnerabilities exist in Microsoft Exchange Server due to untrusted connection with Exchange Server on port 443. A remote attacker could exploit these vulnerabilities by enticing the target user to open a specially crafted file,” the CERT-In advisory said.

“We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of US think tanks and defense industrial base entities. We encourage network owners to patch ASAP,” wrote Jake Sullivan, United States White House National Security Advisor, on Twitter.

Microsoft also published a script on the online code repository GitHub, which allows organizations to check whether their Exchange servers are compromised.
