Criminal hacking groups piling on to escalating Microsoft Exchange crisis

The Microsoft Exchange Server hack is becoming an even bigger security problem, due to an influx of more hacking groups attempting to take advantage of the situation before affected companies can patch their servers.

Revealed on March 3 by Microsoft, an attack by Chinese hacking group "Hafnium" targeted vulnerabilities in Microsoft Exchange Server, prompting the release of patches. Shortly after the announcement, Hafnium stepped up its attacks to hit 30,000 U.S. organizations and others around the world within a few days, but now others have joined the fray.

Security experts told the Financial Times that more hacking groups are using the opportunity to perform their own attacks using the same vulnerability. The hackers, including criminal groups, are stepping in to take advantage of the software flaws before organizations hosting servers can patch and protect them.

For many, it is probably too late to preemptively patch the issue. "Every possible victim that hadn't patched by mid-to-end of last week has already been hit by at least one or several actors," said Dmitri Alperovitch, co-founder of security group CrowdStrike.

Outside of the United States, the European Banking Authority became the first major public body to confirm it was compromised by attacks.

The growing scale of the attacks will be a serious problem for some time, prompting governmental intervention. The Cybersecurity and Infrastructure Security Agency (CISA) has urged "All organizations across all sectors to follow guidance to address the widespread domestic and international exploitation" of the vulnerabilities.

There is also advice to use Microsoft's IOC detection tool to determine whether vulnerable systems have been compromised. Meanwhile, the White House National Security Council claimed "It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted."



25 Comments

GeorgeBMac 8 Years · 11421 comments

They didn't just jump in. Those outside hacking groups have been in there hacking all along (from U.S.-based servers).
But, yeh, let's parrot the Microsoft excuse that they are the helpless victim of state sponsored cyberwarfare.  It fits neatly into the "I hate China" mantra and gets a U.S. company off the hook for again failing to secure their systems.

The U.S. has been the ongoing victim of cybercrimes for over a decade. The crimes have been committed by foreign terrorists, state sponsored terrorists and by domestic cyberterrorists. It is time, past time, that the U.S. establish a centralized organization to independently investigate such crimes and attacks (both in terms of who did it, why, and how -- as well as who left the door unlocked) as well as to develop ways to protect us from them -- including prison time for domestic cyberterrorists and repercussions for international ones (whether sponsored by a state or operating privately).

We did not tolerate a president stealing data from a political opponent. We did not tolerate terrorists blowing up our buildings. So why do we tolerate terrorists blowing up an organization's information systems and stealing their data?

Obviously more of the same will only get us more of the same.
... Oh yeh, never mind.   We definitely need more F35's and Aircraft carriers.  So we just can't afford to protect ourselves from the real enemies.  

tzeshan 14 Years · 2350 comments

For decades Microsoft has treated its users as sheep. Because its OS and applications are full of bugs. Mac fans knew this for a long, long time. The end result is most Americans don't really know how personal computers work. The jobs are relegated to ITs. Then there is a conflict of interest. The national security agents are mostly computer idiots. To conceal their ignorance of personal computers, they conveniently blame all hackers on foreign governments.

Gaby 6 Years · 194 comments

Microsoft should be held accountable both financially and otherwise for their incompetence and negligence. And I sincerely hope that companies relying on Microsoft etc. to secure their systems learn from this mistake. In saying that, the U.S. gov is as much to blame for their complacency.

planetary paul 10 Years · 143 comments

I doubt this will change anything. So many organisations have bought fully into the MS dream world and they are not going to admit any mistake. Everyone will be very busy putting out this umpteenth fire, but after that it will be business as usual. 

The saying used to be: "Nobody ever got fired for buying IBM", and the same goes for Microsoft too. It's the perfect lock-in. And MS IT-departments want to be locked in in order to show the need for their size and budgets. Managements love it because it makes them seem more important. 

So I think same old will remain same old.

I wish Apple had continued building their own back end infrastructure, but they left it to MS. Not good for Apple.

danvm 9 Years · 1477 comments

tzeshan said:
For decades Microsoft has treated its users as sheep. Because its OS and applications are full of bugs. Mac fans knew this for a long, long time. The end result is most Americans don't really know how personal computers work. The jobs are relegated to ITs. Then there is a conflict of interest. The national security agents are mostly computer idiots. To conceal their ignorance of personal computers, they conveniently blame all hackers on foreign governments.

From what I have seen, MS OS and applications have bugs like every other vendor, including Apple. Considering they dominate the enterprise, most of the time they have been proved very secure, even though they are not perfect, like this case with Exchange. But if you look back, I think it has been years since the last time they had a major issue like this in Exchange, or even other server applications and services, including Windows Server and SQL Server.