'HAFNIUM' threat targeting Microsoft Exchange Servers

By Samantha Cordell | March 8, 2021

On March 2, Microsoft detected multiple zero-day exploits attacking on-premises versions of Microsoft Exchange Servers.

Update (11/03/2021):

This issue is affecting thousands of Australian businesses and government agencies with more than 7,000 Microsoft Exchange Servers affected across the country, 250,000 servers worldwide. Australia ranks fourth in the world behind the United States, Germany and the UK.

While this vulnerability was initially exploited by a group called Hafnium, it has come to light as of March 10th that at least three distinct groups, in addition to Hafnium, are exploiting the vulnerabilities. Each is using different styles and different procedures.

We are conducting an ongoing investigation across all our customers and we will continue to evaluate the extent of the exploitation.

 

This attack saw threat actors using these vulnerabilities to access email accounts in order to install additional malware. In an update issued on Tuesday, the Microsoft Threat Intelligence Center (MSTIC) attributed this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.

 

Immediate recommendation

We strongly recommend that all businesses with on-premises Microsoft Exchange Servers work with their trusted IT partners to patch their systems immediately. Microsoft notes that Exchange Online is not affected at this time.

 

Details of the attack

After exploiting these vulnerabilities to gain initial access, Microsoft states that the "HAFNIUM operators deployed web shells on the compromised server. Web shells potentially allow attackers to steal data and perform additional malicious actions that lead to further compromise."

HAFNIUM operators were also able to download the Exchange offline address book from compromised systems, which contains information about an organisation and its users.

Diamond IT continues to monitor the situation closely and will release further updates as required.

 

A notification to our customers

Please note that remediation steps and patching for all vulnerable Diamond IT Managed Services customers commenced last week as soon as the vulnerability was announced by Microsoft. No further action is required at this time.

For any further questions around the recent patching, please contact your Business Technology Manager.

 

What is 'Patching'?

Patching is a term used for describing the process of distributing updates to software, correcting vulnerabilities and improving user experience, performance and security. Patches are written by software vendors to repair bugs and improve stability. 

In conjunction with a strong cybersecurity strategy, patching is a crucial tool to keep your systems secure. Without updates, your system will quickly become vulnerable to security threats.

Automating your patch management (or engaging a trusted third party to manage your IT function) will not only reduce the number of hours involved in manual updates, but ensure that all software, regardless of whether it is located in your office or remotely, remains updated and secure.

 

How Diamond IT can support your security

Diamond IT provides regular patch management for our Managed Services customers to ensure your infrastructure is up-to-date and free of bugs and security risks. 

This is all done without our technicians needing to touch your systems, reducing any chance of human error. When a new layer of protection or stability enhancement becomes available, your system will be updated. Diamond IT’s systems also allow us to implement one-off fixes for major security threats when necessary.

If you need advice on how you can ensure your cybersecurity strategy is fit for purpose, or if you'd like more information on Diamond IT's patch management system, our team of cybersecurity experts is ready to help. Contact our team on 1300 307 907 today.


About Samantha Cordell

It is not surprising that our Head of Marketing, Samantha (Sam) has spent most of her (nearly) 30-year career in the IT industry. Sam studied a combination of computer science and marketing at the University of New England. Her dynamic, energetic and pragmatic style lends itself perfectly to tech. With a background working with major players such as Microsoft, Intel and Cisco Systems, Sam is energised by driving meaningful marketing outcomes for industry leaders.