On Friday alone, cybersecurity reporters Brian Krebs and Andy Greenberg reported that 30,000 organizations had been compromised by an unprecedented attack on Microsoft Exchange Server, started by a group of Chinese hackers known as Hafnium. In just four days, analyses revealed a number of victims at least twice as large: we are talking about 60,000 companies that are customers of this service.
The first signs appeared months ago: Microsoft already stated in January that it was aware of digital attacks exploiting system flaws on the servers, but there was no clear and strong response. Only after two months did it distribute a patch, without explaining the extent of the damage or who had suffered it. Originally it seemed that the company even wanted to wait for the cadence of a "Patch Tuesday", perhaps to keep things quieter, only to bring the release forward by a week.
MIT Technology Review explains that Hafnium is apparently not the only threat: at least 5 hacker groups appear to be "piercing" Exchange Server by exploiting its vulnerabilities. The scale of the damage is so great that even the US government has taken action and commented on it: secretary Jen Psaki has called it "an active threat", and Jake Sullivan, National Security Advisor of the White House, and Christopher Krebs, former director of the Cybersecurity and Infrastructure Security Agency, have also spoken out about it.
Anyone who has installed Microsoft Exchange Server locally (2010, 2013, 2016, 2019) is potentially at risk and would do well to check and patch their systems. We have reason to believe, however, that what we see is just the tip of the iceberg: the malware installed by the hackers would give them a way to get back into the servers again, and there is no definite information on how much was stolen.
Microsoft meanwhile continues to remain silent about the timing of the patches and vulnerabilities, referring to earlier statements in which it says it is actively engaged in assisting its affected customers. The best protection would appear to be applying the latest updates to all affected systems, while the company will continue to follow its customers and, at the same time, carry the investigation forward.