Dive Brief:
- An attack by suspected nation-state actors on Microsoft Exchange Server is rapidly growing in scope as researchers and industry officials warn that thousands of systems across the country are at risk. Officials said the patch Microsoft issued earlier in the week may not remediate systems that were already compromised before it was applied.
- More than 30,000 organizations across the U.S. have already been hit by the attack, according to a Friday report by KrebsOnSecurity. The attack, which exploits vulnerabilities in Exchange Server and plants webshells on compromised servers, has primarily focused on stealing emails and other information from companies, local governments and other organizations.
- Microsoft over the weekend released a detection tool to scan for indicators of compromise associated with the vulnerabilities in Microsoft Exchange.
Dive Insight:
Researchers and government officials scrambled throughout the weekend to manage the rapidly growing scope of the attacks, as initial mitigation strategies from Microsoft fell short of containing the situation.
"Unfortunately there has been a lot of uncertainty and confusion in the patching process," John Hammond, senior security researcher at Huntress, said via email. "This is becoming more and more of a widespread attack, with the scope ever-increasing as organizations struggle to patch."
During the daily briefing on Friday, White House press secretary Jen Psaki called the Microsoft Exchange situation a "significant vulnerability that could have far reaching impacts."
She acknowledged a late Thursday tweet from national security advisor Jake Sullivan, who said the breach was being closely tracked and reiterated the administration's concerns about the defense industrial base and the impact on U.S. think tanks.
"First and foremost this is an active threat," Psaki said. "And as the national security advisor tweeted last night, everyone running these servers — government, private sector, academia — needs to act now to patch them."
The White House is concerned about the large number of victims affected by the breach and said it was working with its partners on the matter, Psaki said.
Sullivan on Thursday tweeted that officials were closely tracking Microsoft's emergency patch for previously unknown vulnerabilities in Exchange Server and were monitoring reports of potential compromises of U.S. think tanks and defense industrial base organizations.
The Cybersecurity & Infrastructure Security Agency updated an alert issued last week warning of vulnerabilities in Exchange Server that allow attackers to gain persistent system access as well as access to files, mailboxes and credentials.
The vulnerabilities in Microsoft Exchange Server do not affect Exchange Online or Microsoft 365 cloud email services, CISA said.
"If an organization discovers exploitation activity, they should assume network identity compromise and follow incident response procedures," according to the CISA alert. The update stated that organizations that find no such activity should apply the available patches.