
Microsoft Exchange hack: FBI, CISA warn of follow-on ‘destructive’ attacks


A joint advisory from the Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency warns of potential follow-on attacks after the recent hacking incident against vulnerable Microsoft Exchange email servers, Breaking Defense reported.

Noting that the number of Exchange hacks attempted and accomplished has not been decreasing, the agencies, along with security firms, say more threat actors are likely to attack the servers, ranging from cybercriminals to actors sanctioned by nation-states.

A recent report by security firm ESET identified “at least 10” threat actor organizations attacking Exchange servers with zero-day exploits and web shells. The advisory says the attacks could take the form of ransomware deployed by cybercriminals or more destructive actions such as data wiping, which are more likely to be performed by nation-states.

The advisory recommends an immediate forensic triage of all on-site Exchange servers to search for signs of compromise. Organizations with in-house forensic capabilities are advised to follow a step-by-step procedure supplied by the agency. Those that lack in-house forensics expertise and have discovered signs of compromise are advised to disconnect their on-premises Microsoft Exchange servers and inform the FBI or CISA.

Jill Aitoro

Jill Aitoro leads editorial for SC Media, and content strategy for parent company CyberRisk Alliance. She has 20 years of experience editing and reporting on technology, business and policy.
