Sources: at least 30K US organizations have been hacked by an aggressive Chinese espionage group exploiting unpatched flaws in Microsoft's Exchange Server
At least 30,000 organizations across the United States — including a significant number of small businesses, towns …
Krebs on Security · Brian Krebs
Related Coverage
- Tens of thousands of US organizations hit in ongoing Microsoft Exchange hack Ars Technica · Dan Goodin
- China-Linked Hack Hits Tens of Thousands of U.S. Microsoft Customers Wall Street Journal
- Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims Wired · Andy Greenberg
- Federal officials scramble to assess widening Microsoft Exchange Server fallout CyberScoop · Sean Lyngaas
- Thousands of Microsoft Customers May Have Been Victims of Hack Tied to China New York Times
- Biden administration moving to address a global compromise by Chinese and other hackers of Microsoft email servers Washington Post · Ellen Nakashima
- Four new hacking groups have joined an ongoing offensive against Microsoft's email servers MIT Technology Review · Patrick Howell O'Neill
- Global Hack Breaches Thousands of Microsoft Business Accounts Bloomberg
- At least 30,000 US organizations, small businesses and government offices were victims of Microsoft Exchange hack: Krebs Insider · Fatma Khaled
- Microsoft hack: White House warns of ‘active threat’ of email attack BBC
- Microsoft IOC Detection Tool for Exchange Server Vulnerabilities us-cert.cisa.gov
- View article Neowin
- View article OnMSFT.com
- Microsoft Exchange Server Vulnerabilities Mitigations - updated March 6, 2021 Microsoft Security …
- As Microsoft email software hack spreads, experts brace for more impact Reuters
- Weekend Reading — Pick fewer battles than that Labnotes · Assaf Arkin
- Protecting against recently disclosed Microsoft Exchange Server vulnerabilities: CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065 The Cloudflare Blog · Patrick R. Donahue
- Microsoft Exchange Server Zero-Day Exploit Could Have Thousands of Victims Channel Futures · Jeffrey Schwartz
- View article CNET
- Move over, SolarWinds: 30,000 orgs' email hacked via Microsoft Exchange Server flaws The Verge · Mitchell Clark
- Hackers Have Exploited at Least 30,000 Exchange Servers Thurrott · Paul Thurrott
- Government briefed on breach of at least 30,000 Microsoft Exchange Servers SC Media · Joe Uchill
- Microsoft release tool to help you see if your Exchange server has been compromised by Hafnium MSPoweruser · Surur
- microsoft / CSS-Exchange GitHub
- Microsoft Exchange exploited to hack 30,000 US organization emails TechSpot · Joe White
- Ongoing & enormous Microsoft Exchange server hack hits 30,000 US groups AppleInsider · Malcolm Owen
- Forget SolarWinds, Microsoft Email Server Flaws Left 30,000 US Orgs Hacked And Pwned HotHardware.com News · Ben Funk
- US small businesses reportedly targeted by Chinese hackers using Microsoft email flaw New York Post · Isabel Vincent
- Warning: ‘Hundreds Of Thousands’ Of Microsoft Servers Hacked In Ongoing Attack Forbes · Davey Winder
- View article CNN
- Microsoft email server flaws exploited to hack at least 30,000 US organizations Engadget · Mariella Moon
- Microsoft Shares Additional Mitigations for Exchange Server Vulnerabilities Under Attack SecurityWeek · Mike Lennon
- At Least 30,000 US Organizations Newly Hacked Via Holes In Microsoft's Email Software Slashdot · BeauHD
- View article Financial Times
- At Least 30,000 U.S. Organizations Newly Hacked via Holes in Microsoft's Email Software Daring Fireball · John Gruber
- Hackers Steal Email From 30K US Orgs Via Microsoft Flaw: Report CRN · Michael Novinson
Discussion
-
@briankrebs
on x
Sources who've briefed U.S. national security advisors say >30K U.S. organizations hacked by newly-found holes in Microsoft's Exchange email products, and that 100s of thousands of victim organizations worldwide now have web-based backdoors installed. https://krebsonsecurity.com/…
-
@briankrebs
on x
Experts interviewed described the cleanup effort required from this attack as “urgent,” “unprecedented” and “Herculean.” From the list of victims I've seen so far, the scope of this attack is fairly staggering. https://twitter.com/...
-
@malwaretechblog
on x
Working in cybersecurity this past year https://twitter.com/... https://twitter.com/...
-
@jason
on x
We need to take a stronger stance against the CCP's hacking activity & human rights record https://krebsonsecurity.com/ ...
-
@fireeye
on x
.@Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment. So we built #threathunting campaigns to identify additional Exchange Server abuse. Learn more: https://www.fireeye.com/... https://twitter.com/...
-
@campuscodi
Catalin Cimpanu
on x
...and not all by APTs Don't flatter yourself. Your small flower shop is getting raided by ransomware gangs, not APT41 & friends https://twitter.com/...
-
@evacide
Eva
on x
Meanwhile, back at infosec, everyone who runs an Exchange server is having a very bad day: https://www.wired.com/...
-
@johnhultquist
John Hultquist
on x
Important to remember that China doesn't want all these targets. Like other recent incidents broad footholds will allow them to select victims that offer the intelligence or access they want most. https://twitter.com/...
-
@danlinden
Dan Linden
on x
Well, this sounds pretty bad. https://twitter.com/...
-
@c_c_krebs
Chris Krebs
on x
Thoughts on the Hafnium Exchange hack: (1) it's going to disproportionately impact those that can least afford it (SMBs, Edu, States, locals), (2) incident response teams are BURNED OUT & this is at a really bad time, (3) few orgs should be running exchange servers these days. ht…
-
@sogonsec
Chris Humphries
on x
That sucks for a lot of IT and sysadmins out there this weekend, especially the ones that didn't patch (patching Exchange servers on patch Tuesday usually doesn't happen due to having to test the patches out first or roll out at a time of their choosing). Hits bigly. https://twitter.…
-
@kimzetter
Kim Zetter
on x
Some 30,000 US entities have been hacked through the four Exchange server vulns that Microsoft patched this wk - the vulns allow hackers to steal email from victims. Victims include “a significant number of small businesses, towns, cities and local govs” https://twitter.com/...
-
@artemr
Artem Russakovskii
on x
This is why you should never send sensitive info via email. Attach files using Dropbox or Drive and remove when they've been received. https://krebsonsecurity.com/ ...
-
@mandiant
on x
Earlier this week, @Microsoft shared #zeroday vulnerabilities used to attack on-prem versions of Microsoft Exchange Server. Managed Defense found multiple instances of abuse in at least one client environment starting in Jan. 2021. ▶️ Get the details: https://www.fireeye.com/... …
-
@campuscodi
Catalin Cimpanu
on x
Regarding recent exchange zero-days: FireEye says that based on their telemetry, they have identified “an array of affected victims including US-based retailers, local governments, a university, and an engineering firm” https://www.fireeye.com/... https://twitter.com/...
-
@iamshley_a
Iamshley.A
on x
New blog alert by @anthomsec, @_bromiley, and co. on the Microsoft Exchange Zero-Days. Details on web shells seen, investigation tips, and IOCs with Last Known True timestamps. 👀 https://www.fireeye.com/ ...
-
@brianmfloyd
Brian Floyd
on x
So basically everything has been hacked at this point https://www.wired.com/...
-
@briankrebs
on x
Microsoft today released emergency updates to plug 4 security holes in Exchange Server 2013-19. Microsoft and others say a previously unidentified Chinese cyber espionage group is using the flaws to plunder email communications at targeted organizations. https://krebsonsecurity.c…
-
@c_c_krebs
Chris Krebs
on x
This is a crazy huge hack. The numbers I've heard dwarf what's reported here & by my brother from another mother (@briankrebs). Why, though? Is this a flex in the early days of the Biden admin to test their resolve? Is it an out of control cybercrime gang? Contractors gone wild? …
-
@gossithedog
Kevin Beaumont
on x
Here is an official MS nmap script which identifies if your systems are vulnerable to Exchange vulns, regardless of the CU/SU situation. No authentication required. InfoSec peeps, use it to find your systems and validate patching. https://github.com/...
-
@wsjtech
on x
A cyberattack on Microsoft's Exchange email software is believed to have infected tens of thousands of businesses, government offices and schools in the U.S. https://www.wsj.com/...
-
@balajis
on x
“The truth is, if you're running Exchange and you haven't patched this yet, there's a very high chance that your organization is already compromised.” https://twitter.com/...
-
@dnvolz
Dustin Volz
on x
Estimates for the size of the Microsoft Exchange hack have varied widely among experts and people probing the attack. Multiple people said more than 100,000 servers worldwide are likely victimized, and some said it eclipsed 250,000. https://www.wsj.com/...
-
@carriecordero
Carrie Cordero
on x
There are plenty of smart people working in USG, industry, academia etc on cybersecurity. There is an entire cybersecurity ecosystem that's been built over many years. But we keep getting pummeled. Something about the US approach is fundamentally broken. https://krebsonsecurity.c…
-
@nakashimae
Ellen Nakashima
on x
NEW: Biden administration moving to address a global compromise by Chinese and other hackers of Microsoft email servers. It's looking at standing up an emergency group to address the issue, officials say. https://www.washingtonpost.com/ ...
-
@digiphile
Alex Howard
on x
@briankrebs This piece by @nakashimae went up ~ 3 PM, a couple hours after your tweet, & attributed you: https://www.washingtonpost.com/ ... (I'd call you an independent investigative journalist, but whatever.) WaPo reporting ~30,000 entities affected; are you seeing this is much…
-
@nytimes
on x
At least 30,000 Microsoft customers' data have been compromised in an aggressive hacking campaign that the company said was likely sponsored by China. The attack is already believed to be bigger than the December intrusion by Russian hackers. https://www.nytimes.com/...
-
@gordoncorera
Gordon Corera
on x
“the Chinese theft of email seemed stealthy and targeted......Then suddenly about a week ago, shortly before Microsoft issued its patch, the activity exploded.....It was, he said, almost as if they suspected a patch was forthcoming” 🤔 https://www.washingtonpost.com/ ...
-
@briankrebs
on x
We're not anywhere near being able to judge yet how bad either incident really is. Much depends on whether this adversary is OK w/ being even bolder, & using their backdoors to get deeper into victim networks. They were in a hurry to pwn all these servers, why not sweep the leg? …
-
@briankrebs
on x
Blown away that some of the largest media outlets including NYT and WaPo still have nothing about this mass Exchange server hack on hundreds of thousands of organizations. Esp. now that govies are saying it's a giant mess domestically and worldwide. https://krebsonsecurity.com/ .…
-
@a_greenberg
Andy Greenberg
on x
Confirming @briankrebs reporting that Chinese group Hafnium has now exploited Microsoft Exchange zero-days to hack tens of thousands of networks. One researcher says 30k servers in the US alone, hundreds of thousands globally. “China just owned the world.” https://www.wired.com/.…
-
@ericgeller
Eric Geller
on x
The fallout from the Microsoft Exchange Server vulnerabilities continues to grow. In the days before Microsoft patched the flaws, the Chinese hackers who had been quietly exploiting them abandoned stealth and started hunting for vulnerable systems worldwide. https://twitter.com/.…
-
@dnvolz
Dustin Volz
on x
The potential scale of this hack is hard to overstate, with estimates of global victims into the hundreds of thousands. CISA held a call Friday with more than 4,000 critical infrastructure partners and state/local governments urging immediate patching. https://www.wsj.com/...
-
@ahmalcolm
Andrew Malcolm
on x
Another large cyberhack linked to China and our response is zip. Why? https://www.wsj.com/...
-
@ravivtamir
on x
Observed volume of copycat attacks is growing. Microsoft's strong recommendation is to patch patch patch... https://msrc-blog.microsoft.com/ ...
-
@somospostpc
on x
America spends so much time worried about Huawei routers in other countries only to get massively hacked every month through Microsoft services https://twitter.com/...
-
@kevthehermit
on x
Is it just me or is the webshell in the @FireEye report on #HAFNIUM https://www.fireeye.com/... almost identical to the TwoFace shell reported by @PaloAltoNtwks https://unit42.paloaltonetworks.com/ ... in 2017. https://twitter.com/...
-
@felixsalmon
Felix Salmon
on x
“China just owned the world—or at least everyone with Outlook Web Access.” https://www.wired.com/...
-
@gavinsbaker
Gavin Baker
on x
Why would anyone be running their own Exchange server in 2021? https://krebsonsecurity.com/ ...
-
@indopac_info
on x
A #China-linked hack on Microsoft email software has hit thousands of #US businesses, government offices and schools, people briefed on the matter said Attack comes as many companies are racing to install a software fix https://www.wsj.com/...
-
@margbrennan
Margaret Brennan
on x
“Many of those victims of the attack, which Microsoft has said was carried out by a network of suspected Chinese hackers, appear to be small businesses and state & local governments...Tens of thousands of customers appear to have been affected...” https://www.wsj.com/...
-
@baldingsworld
on x
I don't think people grasp the depth and breadth of Chinese info gathering. So when I see uninformed nonsense drivel from so called experts that blocking Huawei is similar to the Great Firewall, it is more than just bad work it is dangerous and wrong https://www.wsj.com/...
-
@dabeard
David Beard
on x
“The initial avenue of attack was discovered by prominent Taiwanese cyber researcher Cheng-Da Tsai, WHO SAID HE REPORTED THE FLAW TO MICROSOFT IN JANUARY.” https://www.reuters.com/...
-
@nixcraft
on x
Awful. I feel bad for sysadmins who are managing Microsoft Exchange Server email software right now. At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft's Email Software https://krebsonsecurity.com/ ...
-
@geneva_sands
Geneva Sands
on x
The Biden administration is increasingly sounding the alarm over a series of newly discovered cyber intrusions that Microsoft said this week were linked to China https://www.cnn.com/... ... w/ @b_fung @MarquardtA
-
@gossithedog
Kevin Beaumont
on x
Mitigations for Exchange vulnerabilities if you cannot at present patch https://msrc-blog.microsoft.com/ ...
-
@lopp
Jameson Lopp
on x
YOU get a backdoor! And YOU get a backdoor! And YOU get a backdoor! https://twitter.com/...
-
@suka_hiroaki
Andreas Proschofsky
on x
This is bad. Like in: Really, really bad. https://twitter.com/...
-
@stephaniecarvin
Stephanie Carvin
on x
I wonder what password the intern used this time. https://twitter.com/...
-
@0xmatt
One Matt among many
on x
The loud sucking sound you hear is the inertia of thousands of companies beginning to migrate their on-prem email to cloud-hosted SAAS solutions https://twitter.com/...