Microsoft Cyberattack Continues Growing in Severity, Victims Racking UpMicrosoft Cyberattack Continues Growing in Severity, Victims Racking Up
Microsoft had almost two months to push out the patch it shipped on Mar. 2.
March 9, 2021
There are now at least 60,000 known victims of the massive Microsoft cyberattack on the company’s on-premises Exchange business email software globally.
That’s according to the latest Bloomberg report. The Microsoft cyberattack allowed access to email accounts and installation of malware to increase hackers’ dwell time inside a system.
Microsoft attributes the attack to HAFNIUM, a group considered to be state-sponsored and operating out of China.
In addition, malicious hackers compromised the European Banking Authority’s email servers in the attack.
Saryu Nayyar is CEO of Gurucul.
Gurucul’s Saryu Nayyar
“With organizations migrating to Microsoft Office 365 en masse over the last few years, it’s easy to forget that on-premises Exchange servers are still in service,” she said. “Some organizations, notably in government, can’t migrate their applications to the cloud due to policy or regulation, which means we will see on-premises servers for some time to come.”
These zero-day vulnerabilities were first detected as early as Feb. 27. That’s according to the team at Huntress, which was first to report it via an MSP partner. The team is seeing organizations of all shapes and sizes affected.
According to Krebs on Security, Microsoft had almost two months to push out the patch it shipped on Mar. 2, or else help Exchange customers mitigate the threat from this flaw before attackers “started exploiting it indiscriminately.”
Scroll through our slideshow above for more coverage of this still-active and growing cyberattack.
Read more about:VARs/SIs
About the Author(s)
You May Also Like