A collective of hackers, known as HAFNIUM, has been taking advantage of an exploit in Microsoft Exchange servers reportedly as far back as January 6th.
Though the exploit was discovered in February, and first reported on in early March of 2021, a significant number of servers had already been exploited and compromised. The exploit allowed attackers to access user mailboxes, which then allowed them to install additional malware to retain access to the compromised servers. An earlier report on CBC News covered some of the basic details and an announcement made by the Canadian Centre Cyber Security urging companies to investigate into their own organizations to determine whether or not they have been affected.
In a more technical, detailed report, Microsoft has outlined the exact vulnerabilities, how to patch them and how the exploit worked. At this time, Microsoft 365 customers are unaffected by these vulnerabilities; only on-premise Exchange Servers were targeted.
What does this mean for your company? Unless your IT service is running their own dedicated Microsoft Exchange servers, you will be unaffected. If you are on Exchange, chances are your IT staff have already had many late nights and busy weekends investigating, patching, and cleaning up any remaining concerns. Those companies who have migrated to Microsoft 365 prior to January of this year will be safe from these attacks.
If you have concerns about whether there may be a risk, contact us and we can provide an assessment and plan to assist you in securing your company’s IT services.