IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

‘Hundreds of thousands’ of victims in Microsoft Exchange Server attacks

Even if you patched the same day Microsoft released fixes, there’s every chance a web shell is on your server

There are potentially hundreds of thousands of victims from cyber attacks exploiting newly-discovered Microsoft Exchange Server vulnerabilities, with the White House urging businesses to patch their systems immediately.

US-based victims exceed 30,000 including small businesses, towns and cities as well as local government organisations, according to security researcher Brian Krebs, with Chinese hackers determined to steal their email communications.

This figure, however, only represents a portion of “hundreds of thousands” of servers that state-backed Chinese hackers have seized, based on information provided to Krebs by two security experts. Each targeted server, deployed to process email communications, represents roughly one organisation here. 

“This is an active threat,” White House press secretary Jen Psaki said at a press briefing, as reported by BBC News. “Everyone running these servers - government, private sector, academia - needs to act now to patch them." 

She added that the White House was concerned “there are a large number of victims” and that these vulnerabilities discovered last week could have “far-reaching impacts”.

Microsoft patched four actively exploited flaws in several versions of its Microsoft Exchange Server service last week, which attackers were taking advantage of to steal emails from web-facing systems running the software. 

In these attacks, the perpetrators left behind a password-protected web shell that could be accessed from anywhere, giving them administrative access to victims’ servers.

The company also warned businesses that this charge was being led by state-backed hackers, specifically the Hafnium group, although refrained from disclosing how many victims there were at the time.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

The US Cybersecurity and Infrastructure Security Agency (CISA) then ordered US federal agencies to immediately patch their Exchange Server installations, or disconnect the programme until it can be reconfigured, for fear of falling victim to hacking attempts.

“Patching and mitigation is not remediation if the servers have already been compromised,” the White House’s National Security Council also tweeted. “It is essential that any organization with a vulnerable server take immediate measures to determine if they were already targeted.”

Vice president of Volexity, Steven Adair, who first reported the Exchange flaws to Microsoft, also told KrebsonSecurity that the hacking group first exploited these bugs on 6 January, but shifted into a much higher gear over the last few days.

“Even if you patched the same day Microsoft published its patches, there’s still a high chance there is a web shell on your server,” he said. “The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.”

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Microsoft launches low-code Power Pages for 'intuitive' web development
web development

Microsoft launches low-code Power Pages for 'intuitive' web development

24 May 2022
Windows 11's nifty new search feature has one major downside
Microsoft Windows

Windows 11's nifty new search feature has one major downside

23 May 2022
What is cyber warfare?
Security

What is cyber warfare?

20 May 2022
Microsoft says it's provided over $100 million in tech support to Ukrainian government
cyber attacks

Microsoft says it's provided over $100 million in tech support to Ukrainian government

20 May 2022

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

13 May 2022
Microsoft finally adds Power BI integrations to PowerPoint and Outlook
business intelligence (BI)

Microsoft finally adds Power BI integrations to PowerPoint and Outlook

25 May 2022