As Hafnium timeline crystalizes, signs of new Microsoft Exchange Server attacks emerge

A surge of breaches against Microsoft Exchange Server appear to have rolled out in phases, with signs also pointing to other hackers using the same vulnerabilities after Microsoft announced a patch.

Last week, Microsoft patched four Exchange Server vulnerabilities being used by a hacker group in “targeted and limited” breaches. But as vendors rushed to patch systems, breaches did not appear limited at all. By Wednesday, Huntress Labs told SC Media it was seeing hundreds of breached servers. By the weekend, some researchers were speculating the number of breached systems could reach a hundred thousand.

“I think the statement made by Microsoft, that it was initially very targeted is probably correct; Hafnium or whoever is behind this, was very focused in their initial attack, prior to February 27th,” said Tyler Hudak, who is leading the incident response effort for vendor TrustedSec. “On the 27th, that’s when it moves to a much larger scale.”

Please register to continue.

Already registered? Log in.

Once you register, you’ll receive:

  • News analysis

    The context and insight you need to stay abreast of the most important developments in cybersecurity. CISO and practitioner perspectives; strategy and tactics; solutions and innovation; policy and regulation.

  • Archives

    Unlimited access to nearly 20 years of SC Media industry analysis and news-you-can-use.

  • Daily Newswire

    SC Media’s essential morning briefing for cybersecurity professionals.

  • Learning Express

    One-click access to our extensive program of virtual events, with convenient calendar reminders and ability to earn CISSP credits.

Next post in Data Breach

Next Post

Leave a Reply

Your email address will not be published. Required fields are marked *

Login to your account below

Fill the forms bellow to register

Retrieve your password

Please enter your username or email address to reset your password.