There’s a vexing mystery surrounding the 0-day attacks on Exchange servers

by Dan Goodin, from Ars Technica - All content

(Image credit: Getty Images)

The Microsoft Exchange vulnerabilities that allow hackers to take over Microsoft Exchange servers are under attack by no fewer than 10 advanced hacking groups, six of which began exploiting them before Microsoft released a patch, researchers reported Wednesday. That raises a vexing question: how did so many separate threat actors have working exploits before the security flaws became publicly known?

Researchers say that as many as 100,000 mail servers around the world have been compromised; compromises at the European Banking Authority and the Norwegian Parliament were disclosed in the past few days. Once attackers gain the ability to execute code on the servers, they install web shells: scripts planted on the compromised server that can be reached from a browser and provide a means for remotely issuing commands and executing code.

When Microsoft issued emergency patches on March 2, the company said the vulnerabilities were being exploited in limited and targeted attacks by a state-backed hacking group in China known as Hafnium. On Wednesday, ESET provided a starkly different assessment. Of the 10 groups that ESET products have recorded exploiting vulnerable servers, six of these APTs (short for advanced persistent threat actors) began hijacking servers while the critical vulnerabilities were still unknown to Microsoft.
