Microsoft Exchange Hack: Simplified
Post id 24359, slug microsoft-exchange-hack-simplified, published 2021-03-16 (modified 2021-03-16), https://evolvemga.com/microsoft-exchange-hack-simplified/

Email server vulnerabilities have led to the biggest hack attack of 2021 (by far).

The Basics of the Attack

What Happened?

Hackers have accessed the Microsoft Exchange servers and email history of at least 30,000 American businesses.


Tom Burt, Microsoft’s VP for Customer Security & Trust, explained that “First, hackers would gain access to an Exchange Server either with stolen passwords or by using the previously undiscovered vulnerabilities to disguise itself as someone who should have access. Second, it would create what’s called a web shell to control the compromised server remotely. Third, it would use that remote access – run from the U.S.-based private servers – to steal data from an organization’s network.”

It must be noted that this attack has not impacted businesses running cloud-based versions of Microsoft Exchange. Rather, these attacks have hit companies using on-premises Exchange servers in conjunction with Microsoft Outlook Web Access (OWA).

Who’s Doing the Hacking?

From Microsoft’s initial press release… “Today, we’re sharing information about a state-sponsored threat actor identified by the Microsoft Threat Intelligence Center (MSTIC) that we are calling Hafnium. Hafnium operates from China, and this is the first time we’re discussing its activity. It is a highly skilled and sophisticated actor.

Historically, Hafnium primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs. While Hafnium is based in China, it conducts its operations primarily from leased virtual private servers (VPS) in the United States.”

Who Is Hafnium Targeting?

Among the 30,000 organizations that have been hit in the attack, Hafnium appears to have specifically targeted: