2021-03-10 07:21
Attacks on Exchange servers
There is a security issue with Exchange servers. They can be attacked through a zero-day exploit called ProxyLogon. If the attack succeeds, the attackers can download data from the email server. Microsoft has known about the problem since January but did not immediately release a fix. A patch has been available since March 2, but not all servers are patched yet. Now several companies and institutions have been hacked. China is said to be involved in the attacks, but you can't know for sure. Microsoft writes about a group of Chinese hackers called Hafnium.
The attack goes like this: a server-side request forgery is used to send HTTP requests to the server, imitating an Exchange service. Another bug is used to upload files to the server, and the last bug allows executing code with administrative rights. The bugs were combined to install a shell on the servers and gain access to the data on these servers. Emails and contacts might be in the hands of attackers.