Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Chinese Group Attacking Unpatched Exchange Servers

March 4, 2021

If you still have an Exchange server on-premises, patch it now! Graham Cluley reported that Microsoft has released an emergency update that patches four zero-day vulnerabilities in Exchange. Microsoft believes that the attacks are being carried out by a state-sponsored Chinese hacking group called “Hafnium.” Researchers from Volexity originally discovered the attacks as early as January 6, 2021. The attackers are able to access email accounts and plant additional malware. Volexity saw attackers “writing Web shells to disk and conducting operations to dump credentials, add user accounts, steal copies of Active Directory databases, and move laterally to other systems.” Pretty scary stuff.

The impacted versions of Microsoft Exchange are:

Microsoft Exchange Server 2013
Microsoft Exchange Server 2016
Microsoft Exchange Server 2019

Exchange Online and subscribers of Microsoft 365 are not affected. The message is clear…install the patch now.

Email: Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com

John W. Simek
Vice President

Subscribe in a Reader

Cookie	Duration	Description
cookielawinfo-checbox-analytics	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Analytics".
cookielawinfo-checbox-functional	11 months	The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional".
cookielawinfo-checbox-others	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Other.
cookielawinfo-checkbox-necessary	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookies is used to store the user consent for the cookies in the category "Necessary".
cookielawinfo-checkbox-performance	11 months	This cookie is set by GDPR Cookie Consent plugin. The cookie is used to store the user consent for the cookies in the category "Performance".
viewed_cookie_policy	11 months	The cookie is set by the GDPR Cookie Consent plugin and is used to store whether or not user has consented to the use of cookies. It does not store any personal data.

Your IT Consultant

Chinese Group Attacking Unpatched Exchange Servers

Subscribe for More!

Popular Categories

Listen to the Podcast

Disclaimer