HAFNIUM Hacking Scheme Affects Over 30,000 U.S. Organizations via Microsoft Exchange Flaws
More than 30,000 organizations across the U.S. running Microsoft Exchange Server email software have fallen victim to the HAFNIUM hacking scheme, which is suspected to have originated from a Chinese cyber-espionage unit. Its targets have included credit unions, hospitals, small businesses, infectious disease researchers and law firms, among other organizations.
The group discovered flaws in the email software and used tooling that gave it full remote control over the affected systems. On March 2, 2020, Microsoft released emergency security updates that closed the holes in Exchange Server versions 2013, 2016, and 2019.
Vulnerabilities Exploited
The attackers targeted on-premises versions of Microsoft Exchange Server, using four vulnerabilities to gain access to email accounts. The four vulnerabilities exploited were:
- Server-side request forgery (SSRF) vulnerability (CVE-2021-26855)
- Insecure deserialization vulnerability (CVE-2021-26857)
- Exchange-based post-authentication arbitrary file write vulnerability (CVE-2021-26858)
- Exchange-based post-authentication arbitrary file write vulnerability (CVE-2021-27065)
They then installed web shells, a form of malware that gave them long-term access to and control over the victims' environments. This granted the group administrative access and elevated privileges on the victim's server, from which it could tamper with resources at will.
Organizations were therefore required to update their on-premises systems immediately to protect themselves against further exploitation. Microsoft also chose to share details of the exploits to help its customers understand how critical the vulnerabilities were and to prevent future exploitation and abuse.
Report on the Vulnerabilities
Attackers were already exploiting the Microsoft Exchange bugs on January 6, 2021. After Microsoft released its security updates for the vulnerabilities, the hacking group HAFNIUM is believed to have shifted into a higher gear and started scanning the internet for any unprotected Microsoft Exchange Servers.
Furthermore, web shells may still be present on servers that were patched the day Microsoft released the updates, and companies that did not patch in time may still be vulnerable. In short, patching the four flaws only blocks the way the attackers get into a network; it does not undo or repair damage already done.
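The point above, that a patch closes the door but removes nothing an intruder already dropped, is why responders compare the web-facing directories of a patched server against a known-good baseline. The following is an added example, not code from the original article or from Alvarez Technology Group: it records a hash inventory of the executable pages under a web root while the server is known clean, then re-sweeps after patching and reports files that were added, altered or removed. The directory layout, file names and contents are constructed sample data standing in for a real web root and vendor file manifest.

```python
"""Baseline-and-compare sweep for unexpected or altered server pages.

Added example (not from the original article or from Alvarez Technology
Group). The web root, file names and file contents below are constructed
sample data; in practice the baseline would come from a clean install or
the vendor's file manifest.
"""
import hashlib
import tempfile
from pathlib import Path

# Extensions the web server executes; a new file of one of these types in a
# web-facing directory is the first thing a responder wants to know about.
EXECUTABLE_EXTENSIONS = {".aspx", ".asp", ".ashx", ".asmx"}


def sha256_of(path: Path) -> str:
    """Hash a file in chunks so large pages do not need to fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def build_baseline(root: Path) -> dict[str, str]:
    """Map relative path -> SHA-256 for every executable page under root."""
    baseline = {}
    for path in root.rglob("*"):
        if path.is_file() and path.suffix.lower() in EXECUTABLE_EXTENSIONS:
            baseline[path.relative_to(root).as_posix()] = sha256_of(path)
    return baseline


def sweep(root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Compare the current web root with the baseline.

    Returns pages not in the baseline (possible dropped web shells), baseline
    pages whose content changed (possible tampered pages), and baseline pages
    that have disappeared.
    """
    current = build_baseline(root)
    unexpected = sorted(p for p in current if p not in baseline)
    modified = sorted(p for p in current if p in baseline and current[p] != baseline[p])
    missing = sorted(p for p in baseline if p not in current)
    return {"unexpected": unexpected, "modified": modified, "missing": missing}


def demo() -> dict[str, list[str]]:
    """Build a constructed web root, baseline it, then simulate a post-patch sweep."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "frontend" / "auth").mkdir(parents=True)
        (root / "client").mkdir()
        (root / "frontend" / "auth" / "login.aspx").write_text("<!-- constructed: legitimate page -->")
        (root / "frontend" / "auth" / "error.aspx").write_text("<!-- constructed: legitimate page -->")
        (root / "client" / "readme.txt").write_text("static content, not executable")

        # Inventory taken while the server is known clean.
        baseline = build_baseline(root)

        # Changes a patch alone does not undo: one dropped page, one altered page.
        (root / "client" / "help.aspx").write_text("<!-- constructed: file not in baseline -->")
        (root / "frontend" / "auth" / "error.aspx").write_text("<!-- constructed: altered content -->")

        return sweep(root, baseline)


if __name__ == "__main__":
    for kind, files in demo().items():
        print(f"{kind}: {files}")
```

Run on a real server, the baseline is captured once from a trusted source and the sweep is scheduled after every patch cycle; any entry under `unexpected` or `modified` is pulled for review rather than deleted on sight, so the evidence survives for the incident timeline.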
U.S. Government’s Response to the HAFNIUM Hacking Scheme
Government cybersecurity agencies are working with Microsoft and private security companies to provide protection against these malicious attacks. According to Microsoft, the best protection for its customers is to apply the updates immediately. CISA also issued an emergency directive ordering agencies and departments running vulnerable Exchange servers either to disconnect the Microsoft products from their networks or to update the software as per Microsoft's directions.
Alvarez Technology Group helps protect against such vulnerabilities, which can cause significant damage to organizations. Rooting out the intruders, and any future attackers, requires an urgent clean-up. The company cautions that removing backdoors too slowly risks broadening the attack, because intruders are dynamic and may install additional backdoors in the meantime.
The company provides active cybersecurity solutions that improve organizations’ reliability and reduce risk by protecting customers from cyber-attacks. It offers next-generation cyber-attack defense for all-around protection of an organization’s systems against malicious activity, reducing business risk as those risks are evaluated over time and helping you maintain your customers’ goodwill.
Some IT security platforms offered by the company include:
- Ironclad firewalls and virtual private networks
- Antivirus and anti-malware software
- Real-time network monitoring
- Active notifications of unusual network activity, potential malware
- Web-based email and internet filtering
- Remote maintenance
- Remote failsafe and offsite data storage for quick recovery
Guarding your organization is a top priority for the security professionals at Alvarez Technology Group. We want to help with your IT needs; contact us today for more information on how to secure your devices. If you liked this article, head over to our blog for more insightful pieces.