Emergency Directive Issued on Microsoft Exchange Flaws by CISA!

The United States Cybersecurity and Infrastructure Security Agency (CISA) has issued an emergency directive warning against the active vulnerabilities, after the release of Microsoft's security patch, which identified several zero-day vulnerabilities present in Microsoft Exchange Server.

How Did This Start?

These alerts also identified that China-based hackers were using the software bug in Exchange Server to steal confidential data from selected victims. This happened 2 times in 4 months, and the United States scrambled to respond to the issue, treating it as a widespread hacking campaign believed to be the work of foreign attackers.

However, the company identified that the campaign was conducted by the threat group named HAFNIUM, and a security firm said there is evidence that CVE-2021-26855 is being actively exploited in the wild. Multiple experts also said that the attackers behind this campaign were from the cyber espionage groups Calypso and LuckyMouse, and that they targeted servers located in the United States, Europe, the Middle East and Asia.

The researchers also said that the organization raised the alarm about mass exploitation of Exchange servers. It found more than 2000 vulnerable servers and, among these vulnerable servers, discovered 350 web shells, which indicated automated deployment and pointed towards multiple unidentified attackers. These attackers also slipped past endpoints that were secured with antivirus and other security measures.

Summing Up

Microsoft reported the latest development, which shows that this attack is spreading and extending its reach. It is not clear whether any United States organizations have been infected by this attack, but CISA issued an emergency directive.

Organizations are requested to apply the updated patch to resolve the threats. The agencies that criticized the widespread exploitation of the vulnerabilities after the public disclosure are at risk, and the FBI and the American public could be infected as well.
