Criminal hacking groups piling on to escalating Microsoft Exchange crisis

By Malcolm Owen

The Microsoft Exchange Server hack is becoming an even bigger security problem, due to an influx of more hacking groups attempting to take advantage of the situation before affected companies can patch their servers.

Revealed on March 3 by Microsoft, an attack by Chinese hacking group "Hafnium" targeted vulnerabilities in Microsoft Exchange Server, prompting the release of patches. Shortly after the announcement, Hafnium stepped up its attacks to hit 30,000 U.S. organizations and others around the world within a few days, but now others have joined the fray.

Security experts told the Financial Times that more hacking groups are using the opportunity to perform their own attacks using the same vulnerability. The hackers, including criminal groups, are stepping in to take advantage of the software flaws before organizations hosting servers can patch and protect them.

For many, it is probably too late to preemptively patch the issue. "Every possible victim that hadn't patched by mid-to-end of last week has already been hit by at least one or several actors," proposed security group CrowdStrike co-founder Dmitri Alperovitch.

Outside of the United States, the European Banking Authority became the first major public body to confirm it was compromised by attacks.

The scale of the inflated attacks will be a serious problem for some time, prompting governmental intervention. The Cybersecurity and Infrastructure Security Agency (CISA) has urged "All organizations across all sectors to follow guidance to address the widespread domestic and international exploitation" of the vulnerabilities.

There is also advice to use of Microsoft's IOC detection tool to determine if a compromise of vulnerable systems has taken place. Meanwhile the White House National Security Council claimed "It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted."