A surge of breaches against Microsoft Exchange Server appears to have rolled out in phases, with signs also pointing to other hackers using the same vulnerabilities after Microsoft announced a patch.
Last week, Microsoft patched four Exchange Server vulnerabilities being used by a hacker group in "targeted and limited" breaches. But as vendors rushed to patch systems, breaches did not appear limited at all. By Wednesday, Huntress Labs told SC Media it was seeing hundreds of breached servers. By the weekend, some researchers were speculating the number of breached systems could reach a hundred thousand.
"I think the statement made by Microsoft, that it was initially very targeted is probably correct; Hafnium or whoever is behind this, was very focused in their initial attack, prior to February 27th," said Tyler Hudak, who is leading the incident response effort for vendor TrustedSec. "On the 27th, that's when it moves to a much larger scale."