March 4, 2021
Security Alert | Microsoft Exchange Vulnerability

Microsoft has announced multiple zero-day Microsoft Exchange vulnerabilities are being exploited by Chinese hacking group Hafnium. The hackers are using web shells to remotely control compromised on-premises Exchange email servers, allowing them to steal data and take actions to establish persistent access to victim environments. They have reportedly been able to slip past most preventative security products.

The exploits don’t affect Exchange Online and are not connected to the massive SolarWinds campaign.

Who Is Being Targeted?

Microsoft has asserted that Hafnium—which evidently conducts its operations primarily from leased virtual private servers in the United States—tends to target high-profile organizations such as infectious disease researchers, policy think tanks, higher education institutions, law firms, defense contractors and NGOs in hopes of exfiltrating information. Already-identified victims of this campaign include city and county governments, healthcare providers, banks/financial institutions, and residential electricity providers.

Lower-profile victims include small hotels, an ice cream company, a kitchen appliance manufacturer, and multiple senior citizen communities.

What You Can Do

  • Microsoft released security updates that will protect customers running Exchange Server. While Hafnium is generally focused on “big-game hunting,” everyone should patch immediately because, as Microsoft put it, “we anticipate that many nation-state actors and criminal groups will move quickly to take advantage of any unpatched systems.” Exploit code is likely to be forthcoming.
  • Read the Microsoft blog for technical details of the vulnerabilities and their CVEs.
  • Contact us. We can help evaluate your environment, and identify and remediate weaknesses that could result in compromise.
About the Author
CBI | Cybersecurity Solutions
CBI is a leading cybersecurity advisor to many of the world’s top-tier organizations. Founded in 1991, CBI provides innovative, flexible and customizable solutions that help ensure data is secure, compliant and available. We engage in an advisory-led approach to safeguard our clients against the ever-changing threat landscape—giving them comprehensive visibility into their entire security program and helping them avoid cyber challenges before they can impact their data, business and brand. We are dedicated to the relentless pursuit of mitigating risks and elevating corporate security for a multitude of industries and companies of all sizes.