

How to Mitigate the Risks and Recover Exchange Server after Hafnium Attack?

Microsoft recently detected multiple zero-day vulnerabilities in on-premises versions of the Exchange server. According to Microsoft Threat Intelligence Center, these vulnerabilities are exploited by the Hafnium group – an attack group believed to be backed by China. The threat actors primarily target businesses and institutions in the United States, using US-based Virtual Private Servers (VPS), to get remote access to Exchange servers for stealing critical data from the organization’s network.

As per reports, the Hafnium group hacked over 30,000 organizations in a few days till March 05. As of March 12, Microsoft has estimated that more than 82,000 Exchange servers (from an initial 400,000 on March 01) are still vulnerable globally. In response to the Hafnium attack, Microsoft has released multiple security updates for the Exchange server. It is highly recommended to update the on-premises Exchange server immediately.

Hafnium exploits vulnerabilities on unpatched systems and takes advantage of Exchange authentication architecture to access the on-premises Exchange server with administrative privileges and deploy web shells on the victim’s server. These web shells potentially enable threat actors to access the email accounts and facilitate the installation of additional malware or ransomware in the victim’s environment to compromise the system further.
