INSUBCONTINENT EXCLUSIVE:
Multiple nation-state hackers have begun exploiting a vulnerability in Microsoft Exchange email servers that was recently patched. The
UK-based cybersecurity firm Volexity first spotted the vulnerability being exploited in the wild but the firm did not name any of the
hacking groups involved. The vulnerability, tracked under the identifier CVE-2020-0688, was patched by Microsoft last month.
If exploited though, the remote code execution vulnerability could be used to read all of an organization's emails as it gives attackers
full control of a Microsoft Exchange email server. While Microsoft has already patched the vulnerability, a technical report from the
Zero-Day Initiative, who first reported the bug to the company, provided extensive details on the bug and how it works.
This report served as a roadmap for security researchers who used the information it contained to create proof-of-concept exploits to
prepare their own servers for possible attacks. Following the release of Zero-Day Initiative's report, hacker groups began to scan the
internet for vulnerable Exchange servers which they could launch attacks against in the future. In a new blog post, Volexity revealed that
exploiting or attempting to exploit on-premise Exchange servers.
In some cases the attackers appear to have been waiting for an opportunity to strike with credentials that had otherwise been of no use.
Many organizations employ two-factor authentication (2FA) to protect their VPN, e-mail, etc., limiting what an attacker can do with a
This vulnerability gives attackers the ability to gain access to a significant asset within an organization with a simple user credential or
credentials for an email account on the server they're trying to attack.
This means that less advanced hackers will be unable to do so while nation-state hackers have the resources to exploit the vulnerability. All
Microsoft Exchange servers are considered vulnerable to these attacks including versions that have reached their end-of-life (EoL).
Organizations should apply the latest patch as soon as possible and if they're running an EoL version, they should consider updating to a