
Microsoft Exchange Cyberattack: Hafnium Email Hacking Timeline and Incident Details - MSSP Alert


A Microsoft Exchange Server cyberattack and email hack apparently impacted thousands of on-premises email customers, small businesses, enterprises and government organizations worldwide.

The following links summarize steps that MSPs and MSSPs can take to patch Exchange Server for customers. But patching is not enough to kick hackers out of compromised Exchange Server systems.

Follow each of the links, compiled by CISA, to learn how to determine whether your customers’ Exchange Server systems were compromised:

  1. Microsoft Advisory: Multiple Security Updates Released for Exchange Server
  2. Microsoft Blog: HAFNIUM targeting Exchange Servers with 0-day exploits
  3. Microsoft GitHub Repository: CSS-Exchange
  4. CISA Alert: Mitigate Microsoft Exchange Server Vulnerabilities
  5. CISA Emergency Directive 21-02: Mitigate Microsoft Exchange On-Premises Product Vulnerabilities

Meanwhile, the timeline below tracks the Microsoft Exchange Server cyberattack, software patches for the email server platform, corrective measures for MSPs and MSSPs that are assisting customers, and Microsoft’s ongoing investigation into the attack.

Microsoft Exchange Server Cyberattack Timeline

Sunday, March 7, 2021: Multiple Updates…

  • Microsoft released an updated script that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities. Source: Microsoft, March 7, 2021.
  • The White House urged computer network operators to take further steps to gauge whether their systems were targeted amid a hack of Microsoft’s email program, saying a recent software patch still left serious vulnerabilities. Source: Reuters, March 7, 2021.
  • The hack has impacted at least 60,000 Microsoft customers worldwide. Source: Bloomberg, March 7, 2021.

Saturday, March 6, 2021: The Exchange Server hack may have infected tens of thousands of businesses, government offices and schools in the U.S. One source suggests the impact could extend across 250,000 organizations. Source: The Wall Street Journal, March 6, 2021.


Friday, March 5, 2021: Patching Exchange Server isn’t enough. Amid that reality, Microsoft strongly recommends customers investigate their Exchange deployments using the hunting recommendations here to ensure that they have not been compromised. Also, Microsoft shares an nmap script to help you discover vulnerable servers within your own infrastructure. Source: Microsoft, March 5, 2021.


Wednesday, March 3, 2021:

  • MSP & MSSP Implications: Cybersecurity service provider Huntress describes the Exchange Server hack and the potential implications for MSPs and MSSPs.
  • CISA Alert Says Patching Isn’t Enough: A CISA (Cybersecurity and Infrastructure Security Agency) alert tells organizations running Exchange Server to examine their systems for the TTPs (tactics, techniques and procedures) and IOCs (indicators of compromise) to detect any malicious activity. If an organization discovers exploitation activity, they should assume network identity compromise and follow incident response procedures. If an organization finds no activity, they should apply available patches immediately and implement the mitigations in this Alert. Source: CISA, March 3, 2021.

Tuesday, March 2, 2021: Multiple updates…

  • The Attacker: Microsoft alleges that a state-sponsored threat actor called Hafnium, which operates from China, launched the attacks against Exchange Server.
  • Microsoft Discloses Exchange Server Hacks, Patches: Microsoft released multiple Exchange Server software patches to address e-mail server vulnerabilities that hackers are exploiting in the wild.

January 2021: The attacks were first detected but not publicly disclosed in January 2021, according to these updates…

  • Volexity: Security monitoring service provider Volexity discovers anomalous activity from two of its customers’ Microsoft Exchange servers. Source: Volexity, March 2, 2021.
  • Mandiant from FireEye: Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. The observed activity included creation of web shells for persistent access, remote code execution, and reconnaissance for endpoint security solutions. Source: FireEye’s Mandiant, March 4, 2021.

Check this blog regularly for ongoing timeline updates.




"exchange" - Google News
March 07, 2021 at 10:55PM
https://ift.tt/30m7rHu
