Four vulnerabilities found in Microsoft’s Exchange Server software have reportedly been exploited to hack the email of over 30,000 US governmental and commercial organizations, according to a report by KrebsOnSecurity. Wired is also reporting “tens of thousands of email servers” hacked. The vulnerabilities have been patched by Microsoft, but security experts talking to Krebs say that the detection and cleanup process will be a massive effort for the thousands of state and city governments, fire and police departments, school districts, financial institutions, and other organizations that were affected.
Krebs on Security explains, “In each incident, the intruders have left behind a ‘web shell,’ an easy-to-use, password-protected hacking tool that can be accessed over the Internet from any browser. The web shell gives the attackers administrative access to the victim’s computer servers.”
Although the attacks have exploded in recent days, the group behind them has reportedly been taking advantage of the vulnerabilities since early January. In fact, the first attacks were quietly targeting users on January 6, 2021, a day when all eyes were focused on the U.S. Capitol.
It’s likely that there are still details to come about this hack — so far, there hasn’t been an official list of organizations that have been compromised, just a vague picture of the large scale and high severity of the attack.
A Microsoft spokesperson said that the company is “working closely with the [Cybersecurity and Infrastructure Security Agency], other government agencies, and security companies, to ensure we are providing the best possible guidance and mitigation for our customers,” and that “[t]he best protection is to apply updates as soon as possible across all impacted systems.”