Microsoft Exchange Servers Being Exploited Indiscriminately

By rbosaz, 9 March, 2021

Microsoft released patches for 0-day exploits last week, but looks like hackers may have heard about the release of the patch. And so hackers began mass scans the week before. Even though you patched your server last week, you may have been compromised. The first thing you should do is backup all your Exchange Server's data and store the backup off-line.  Then check if you have been PWNED via Check My OWA.

Here's some detailed articles:

HAFNIUM targeting Exchange Servers with 0-day exploits

Krebs has excellent coverage:

Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails

A Basic Timeline of the Exchange Mass-Hack

Warning the World of a Ticking Time Bomb

Comments