In January, 2021 four zero-day exploits were discovered in on-premises version of Microsoft Exchange Servers. This began a global wave of cyberattacks and data breach. The hackers gained access to the user’s email and password and also granted them access to the connected devices on the same network.
How Microsoft Exchange Was Hacked
Attackers installed a backdoor that gave them full access to the impacted servers. Although, the server was updated later to ‘no longer be vulnerable to the original exploits’. As of 9 March 2021, it was believed that around 250,000 servers were impacted by this and became the victim of the attacks.
These servers included around 30,000 organizations in America, almost 7,000 servers in the United Kingdom and also the European Banking Authority, the Norwegian Parliament, and Chile’s Commission for the Financial Market.
Who was behind the Microsoft Cyberattacks?
Microsoft said in its statement that the attack was carried out by Hafnium, a hacking group sponsored by China. They are the advanced persistent threat group that operates somewhere outside of China. Hafnium is also known to install the web shell China Chopper.
Microsoft has categorized Hafnium as a highly skilled and sophisticated group. Hafnium is historically known to target organizations in the United States for the purpose of stealing information. It has targeted multiple sectors like law firms, infectious disease researchers, higher education bodies, defense system, policy making bodies and NGOs.
Microsoft said that this was the eighth cyberattacks in the past 12 months. Microsoft has publicly disclosed these hackers are targeting institutions which are important for civil society.
According to Microsoft, there were nine hacking groups other than Hafnium. All of these groups have been exploiting the vulnerabilities of the server in different manners and procedures.
Was Brian Krebs involved in Microsoft’s Cyberattack?
Brian Krebs, an expert in cyber security has claimed that he did not have anything to do with the hacking of MS Exchange server. The new reports had emphasized that someone had indeed compromised over 21,000 Microsoft Exchange Server email systems worldwide.
Let’s just get this out of the way right now: It wasn’t me, Krebs said in a blog post.
Krebs also went ahead and emphasized that the non-profit organization The Shadow server Foundation helped several network owners in identifying and fixing the security threat.
On 26 March, The Shadow server Foundation witnessed an attempt for the installation of a new type of backdoor in the compromised Exchange servers. The backdoor was installed in the same place in each hacked host. According to a report made by the Shadow server, 21,248 Microsoft Exchange servers were recently compromised and were communicating with brian krebson security.
However Brian Krebs has disregarded any claim of his involvement in the cyberattacks.
Stay Updated With EveDonus Film for all the latest updates.
