In recent news, a Chinese-based hacker group known as Hafnium doubled its hack count of Microsoft’s Exchange Servers up to nearly 60,000 globally.
These are primarily organizations and their emails that have been targeted across the globe. Moreover, according to BBC, the European Banking Authority had admitted that it was one of those victims.
According to a timeline by KrebsonSecurity, Microsoft was aware of the Exchange Server’s vulnerabilities in early January. However, the MIT Technology reports that Hafnium may not be the only threat as a cybersecurity analyst pointed out at least five hacking groups that exploited the Exchange Server flaws last week.
The White House press secretary Jen Paski called it an “active threat”. Similarly, White House National Security adviser Jake Sullivan warned about the level of impact the threat has.
We are closely tracking Microsoft’s emergency patch for previously unknown vulnerabilities in Exchange Server software and reports of potential compromises of U.S. think tanks and defense industrial base entities. We encourage network owners to patch ASAP: https://t.co/Q2K4DYWQud
— Jake Sullivan (@JakeSullivan46) March 5, 2021
In regards to the patches and fixes, Microsoft has not released any further timelines but instead stated:
“We are working closely with the CISA, other government agencies, and security companies, to ensure we are providing the best possible guidance and mitigation for our customers. The best protection is to apply updates as soon as possible across all impacted systems. We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”