For a week, hackers took advantage of a flaw in the Exchange mail server to break into the servers of tens of thousands of companies. Microsoft has fixed the flaw, but the damage is done, and hackers are still active on the hacked servers.
When hackers want to go after companies, they do not necessarily have to attack a server directly, which could be compared to the front door of the computer system. They can also go through the window, which in this case is software used by the target company, just as hackers use an app to hack a smartphone.
We have just learned that tens of thousands of American companies are the victims of a large-scale attack in which the hackers took advantage of a flaw in Exchange, the messaging service developed by Microsoft. Microsoft immediately rushed out patches to stop the attack, but it is unfortunately too late for companies that had already been attacked. According to KrebsOnSecurity, the number of companies affected by the attack is estimated to exceed 100,000 worldwide, including 30,000 in the United States.
Chinese hackers behind the attack
“If your company runs an Outlook Web Access server connected to the Internet, assume you are affected by an attack launched between February 26 and March 3,” writes Brian Krebs, who reports that hackers have installed a “webshell” on hacked servers, which lets them enter commands as administrators via a terminal window accessible with a web browser. They can therefore download or delete data.
Microsoft attributes the attacks to a group of Chinese hackers known as Hafnium, but the firm says that the simplicity of the attack has undoubtedly allowed other hackers to imitate them. Microsoft confirmed that the flaw has been fixed, but each company must now remove the malware installed by the hackers. Microsoft has also put online a small script that lets a company check whether it was affected by the attack.