Your IT Consultant

Information Technology Blog
by John W. Simek, Vice President of Sensei Enterprises, Inc.

Chinese Group Attacking Unpatched Exchange Servers

March 4, 2021

If you still have an on-premises Exchange server, patch it now! Graham Cluley reported that Microsoft has released an emergency update that patches four zero-day vulnerabilities in Exchange. Microsoft believes that the attacks are being carried out by a state-sponsored Chinese hacking group called “Hafnium.” Researchers from Volexity originally discovered the attacks, which date back as early as January 6, 2021. The attackers are able to access email accounts and plant additional malware. Volexity saw attackers “writing Web shells to disk and conducting operations to dump credentials, add user accounts, steal copies of Active Directory databases, and move laterally to other systems.” Pretty scary stuff.

The impacted versions of Microsoft Exchange are:

  • Microsoft Exchange Server 2013
  • Microsoft Exchange Server 2016
  • Microsoft Exchange Server 2019

Exchange Online and Microsoft 365 subscribers are not affected. The message is clear: install the patch now.

Phone: 703.359.0700
Digital Forensics/Cybersecurity/Information Technology
https://www.linkedin.com/in/johnsimek
https://amazon.com/author/johnsimek
https://senseient.com