It had been previously reported that cybersecurity journalists Brian Krebs and Andy Greenberg discovered that as many as 30,000 organizations on the Microsoft Exchange Server had been compromised in an unprecedented email server hack. The hack is believed to originate from a state-sponsored Chinese hacking group known as Hafnium.
That number has now purportedly increased to 60,000 Microsoft Exchange Server customers hacked around the world. Now, even the European Banking Authority admits to being one of the victims.
Also, it seems like Microsoft may have acted a little too late, taking long to realize the severity and issue a patch for it. According to a basic timeline for the Microsoft Exchange hack put together by Krebs, Microsoft admits it became aware of the vulnerabilities in January 2021.
This means it took nearly two months before Microsoft issued its first set of patches. The software giant was originally planning to wait for one of its standard Patch Tuesdays but decided in favour of pushing it out a week early.
Also read:
– Samsung Now Promises Four Years Of Security Updates For Galaxy Devices
– Oppo Overtakes Huawei As Best Selling Smartphone Brand In China
– WhatsApp Is Reportedly Working On Password Protection For Chat Backups
Now, according to MIT Technology Review Hafnium may not be the only threat. The site cites a cybersecurity analyst who claims that there appear to be at least five hacking groups actively exploiting the Exchange Server flaws as of Saturday 6th March 2020.
Government officials are also reportedly scrambling to do something. One state official told Cyberscoop that it’s “a big F’ing deal”. Even the White House press secretary, Jen Psaki, calls it “an active threat”. Multiple US agencies are also referring to its severity.
Patching and mitigation is not remediation if the servers have already been compromised. It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted. https://t.co/HYKF2lA7sn
— National Security Council (@WHNSC) March 6, 2021
If you have a local Microsoft Exchange Server (2010, 2013, 2016, or 2019) installation, you need to patch and scan. Of course, with time the scope of the damage will become clear but it’s best to be safe.
“We are undertaking a whole of government response to assess and address the impact,” reads part of an email from a White House official, according to Bloomberg.
For your daily dose of tech, lifestyle, and trending content, make sure to follow Plat4om on Twitter @Plat4omLive; on Instagram @Plat4om; on LinkedIn at Plat4om; and on Facebook at Plat4om. You can also email us at info@techtalkwithtdafrica.com and join our channel on Telegram at Plat4om. Finally, don’t forget to subscribe to our YouTube channel HERE.