Microsoft Patches 4 Actively Exploited Flaws in Microsoft Exchange Server

HIPAA Journal

Steve Alder

Microsoft has released out-of-band security updates to fix four zero-day Microsoft Exchange Server vulnerabilities that are being actively exploited by a Chinese Advanced Persistent Threat (APT) group known as Hafnium.

The attacks have been ongoing since early January, with the APT group targeting defense contractors, law firms, universities, NGOs, think tanks, and infectious disease research organizations in the United States. Exploitation of the flaws allows the attackers to exfiltrate mailboxes and other data from vulnerable Microsoft Exchange servers, run virtually any code on the servers, and upload malware for persistent access.

Hafnium is a previously unidentified, sophisticated APT group that is believed to be backed by the Chinese government. The group is chaining together the four zero-day vulnerabilities to steal sensitive data contained in email communications. While developing the exploits required some skill, using those exploits is simple and allows the attackers to exfiltrate large quantities of sensitive data with ease. While the APT group is based in China, it leases virtual private servers in the United States for use in the attacks, which helps the group stay under the radar.

The flaws are...
