Did You Personally Take The Steps To Try To Protect It?
On March 2nd, our security team detected unusual network traffic on several on-premises Exchange Servers. Around the same time, several major security vendors started reporting unusual activity against all U.S.-based Microsoft Exchange email servers, with source IP addresses traced back to a Chinese hacking group.
Later that same day, Microsoft released emergency security updates to plug four security holes in Exchange Server versions 2013 through 2019 that hackers were actively using to siphon email communications from Internet-facing systems running Exchange.
If you are running an Exchange Server with Outlook Web Access exposed to the internet, assume you were compromised between 02/26/2021 and 03/03/2021 until proven otherwise.
Sources:
Here is the Microsoft blog post about this urgent issue, which includes an update that multiple bad actors are attacking unpatched systems:
https://www.microsoft.com/security/blog/2021/03/02/hafnium-targeting-exchange-servers/
Here is the Washington Post article regarding the attack:
https://www.washingtonpost.com/national-security/china-hack-microsoft-email-biden-response/2021/03/06/7fe6652c-7e1a-11eb-85cd-9b7fa90c8873_story.html