Cloud Hosting

Hafniums cyberespionage campaign exploiting now-patched Exchange Server zero days morphed, in late February, into multiple campaigns conducted by both state-directed and criminal threat actors. France 24s account of the incident bears out their headline: its become a global crisis.

Criminal interest in exploiting unpatched Exchange Servers continues unabated. Check Point says its observed attacks increase by an order of magnitude over the past week. KnowBe4 reports a similar rise in account impersonation attempts.

CISA has updated its advice on dealing with Microsoft Exchange Server exploitation to include notes on China Chopper webshells being used against victims. The UKs National Cyber Security Centre (NCSC), like its counterparts in the US, Germany, and elsewhere, has urged all organizations, both public and private, to apply Microsofts patches as soon as possible. They also recommend that all organizations look for signs of compromise by threat actors, whether Chinese intelligence services or criminal gangs.

Microsoft itself continues to update guidance on protecting on-premise Exchange Servers from attacks. Yesterday the Microsoft Security Response Center released a new, one-click mitigation tool to help users secure both current and out-of-support versions of Exchange Server.

Vice has a disturbing first-person account of how an SMS marketing tool can be abused to redirect messages to a third-party. Its not an exotic hack: all the bad actors would need to do is sign up for the service (its only $16), falsely claim to be the owner of your number, and then have your messages redirected to a number under their control.

Read more from the original source:
Exchange Server patching and mitigation race to keep pace with exploitation. A low-tech SMS snooping method. - The CyberWire