The Microsoft Exchange Hack

The Microsoft Exchange server hack is shaping up to be one of the largest attacks in history, with adversaries stealing email from more than 30,000 U.S. organizations and 60,000 organizations globally, according to media reports. Ten different advanced hacking groups have taken advantage of four zero-day flaws in on-premises versions of Exchange to compromise small and mid-sized businesses at will.

The campaign took on a terrifying new dimension when Microsoft admitted that hackers had begun deploying DearCry ransomware on victim systems after hacking into Exchange servers that remain unpatched. For at least one of the victims, the DearCry ransomware operators demanded a ransom of $16,000, according to BleepingComputer.

Hackers have targeted everyone from local governments, academic institutions and non-governmental organizations to businesses focused on agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceuticals, according to the FBI and CISA (Cybersecurity and Infrastructure Security Agency). This is consistent with previous activity by Chinese cyber actors, federal officials said.

REvil Ransomware Targets Acer’s Microsoft Exchange Server: Source
The notorious REvil ransomware gang recently targeted a Microsoft Exchange server on Taiwanese PC giant Acer’s domain, according to Advanced Intelligence CEO Vitali Kremez.

DearCry Ransomware Unleashed In Microsoft Exchange Hack
‘Human operated ransomware attacks are utilizing the Microsoft Exchange vulnerabilities to exploit customers,’ Microsoft Security Program Manager Phillip Misner tweeted Thursday night.

Hackers Steal Email From 30K US Orgs Via Microsoft Flaw: Report
‘It’s police departments, hospitals, tons of city and state governments and credit unions. Just about everyone who’s running self-hosted Outlook Web Access and wasn’t patched as of a few days ago got hit with a zero-day attack,’ a source tells KrebsOnSecurity.

Microsoft Exchange Vulnerability Much Larger Than Company Is Saying: Huntress
‘This seems to be a much larger spread than just ‘limited and targeted attacks’ as Microsoft has suggested ... These [victim] companies do not perfectly align with Microsoft’s guidance,’ says Huntress’ John Hammond.

Microsoft Exchange Server Attacked By Chinese Hackers
Volexity has seen active in-the-wild exploitation of multiple Microsoft Exchange vulnerabilities used to steal email and compromise networks, and the attacks appear to have begun as early as Jan. 6.