IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more

NCSC issues Exchange hack warning as Microsoft probes security partner leak

An estimated 7,000 UK servers have been affected by the vulnerabilities and only half have been secured

The National Cyber Security Centre (NCSC) has urged businesses to patch against recently disclosed vulnerabilities in Exchange as Microsoft investigates whether hackers exploiting the flaws had obtained information from its security partners.

Businesses should install the latest Microsoft Exchange updates “as a matter of urgency”, as well as search their systems for evidence of compromise, according to the latest advice from the NCSC. The government agency asked any affected UK organisations to disclose “any suspected compromises” via the NCSC cyber security incident reporting website.

The agency has confirmed that an estimated 7,000 UK servers had been affected by the vulnerabilities, of which around half have already been secured.

NCSC director for Operations Paul Chichester said that “organisations should also be alive to the threat of ransomware and familiarise themselves with [the NCSC’s] guidance”. 

Chichester said that the agency is “working closely with industry and international partners to understand the scale and impact of UK exposure, but it is vital that all organisations take immediate steps to protect their networks”.

“Whilst this work is ongoing, the most important action is to install the latest Microsoft updates,” he added.

The guidance came as Microsoft launched an investigation into whether an unnamed Microsoft security partner, which had access to sensitive information on the vulnerabilities behind the attacks, had leaked the intelligence to hacking groups – and whether it had done so by accident or on purpose.

Insider sources told the Wall Street Journal that the tech giant was in the process of reviewing the Microsoft Active Protections Program (Mapp), an information-sharing programme launched in 2008 with the aim of providing security companies a head start in detecting cyber security threats. 

A number of Mapp partners had knowledge of the vulnerabilities since 23 February, a week prior to the release of patches and the launch of the attacks, according to the sources. Out of the estimated 80 organisations involved in the programme globally, about 10 are based in China – where the state-sponsored Hafnium group is said to be operating from.

Related Resource

Managing security risk and compliance in a challenging landscape

How key technology partners grow with your organisation

How to manage security risk and compliance - whitepaperDownload now

Hafnium has been accused of orchestrating the attacks immediately after they were first reported, with Microsoft’s corporate VP of Customer Security & Trust, Tom Burt, saying that “while Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States”.

“Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defence contractors, policy think tanks and NGOs,” he said, adding that the group “engaged in a number of attacks using previously unknown exploits targeting on-premises Exchange Server software”.

However, since then it has been revealed that at least 10 other hacking groups were also involved in exploiting the Exchange Server vulnerabilities.

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

What is cyber warfare?
Security

What is cyber warfare?

20 May 2022
Mastering endpoint security implementation
Security

Mastering endpoint security implementation

18 May 2022
The Total Economic Impact™ of Apple Mac in Enterprise: M1 update
Whitepaper

The Total Economic Impact™ of Apple Mac in Enterprise: M1 update

12 May 2022
Dell Technologies World 2022: Dell unveils fastest storage architecture in company history
Server & storage

Dell Technologies World 2022: Dell unveils fastest storage architecture in company history

4 May 2022

Most Popular

Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022