Microsoft has been warning Hafnium for months
Cybersecurity journalists Brian Krebs and Andy Greenberg reported a few days ago that as many as 30,000 companies suffered unprecedented damage when their Microsoft Exchange mail servers were compromised. The attack is said to have come from a state-sponsored hacking group in China known as Hafnium.
With the European Banking Authority admitting that it was one of the victims, and with Microsoft slow to realize the severity of the threat and to patch it, this estimate has doubled to 60,000 customers hacked around the world.
Krebs laid out a basic timeline of the large-scale Exchange Server compromise, saying that Microsoft confirmed it was aware of the vulnerability in early January.
Nearly two months passed before Microsoft released the first fixes, together with a blog post that did not explain the scope or extent of the attack. The company initially planned to wait for its standard Patch Tuesday release, but did not hold the fix until then. It was released a week ago.
MIT Technology Review reports that Hafnium may not be the only threat, citing a network security analyst as saying that at least five groups of hackers were actively exploiting the vulnerabilities in Exchange Server as of Saturday.
Government officials are reportedly making efforts to take action. "It's a big deal," a state official said, and the White House press secretary described the problem as an active threat, drawing attention to the instructions from the Department of Homeland Security's cybersecurity office, dated February 3.
The White House National Security Adviser has also issued a warning, as have the former director of the Cybersecurity and Infrastructure Security Agency and the White House National Security Council.
Anyone who runs Microsoft Exchange Server on premises should install the patch. There have been reports that the hackers have installed malware that lets them return to the servers. It is currently unclear what they support.
Microsoft declined to comment on the timing of its patches and disclosures, and instead cited a previous statement: “We work closely with CISA and other government agencies and security companies to ensure we provide the best advisory and mitigation measures to our clients.”
The statement added: “The best protection is to install updates on all affected systems as quickly as possible. We will continue to assist customers with further investigations and mitigation instructions. Affected customers should contact the support team for additional assistance and resources.”
CISA urges ALL organizations across ALL sectors to follow guidance to address the widespread domestic and international exploitation of Microsoft Exchange Server product vulnerabilities; see CISA’s newly released web page for details. https://t.co/VwYqAKKUt6. #Cyber #InfoSec
— US-CERT (@USCERT_gov) March 9, 2021