Exploit: Product Vulnerability (Nation-State Hacking)
Microsoft: Software Developer
Microsoft reported that a suspected Chinese nation-state actor it tracks as Hafnium exploited flaws in Exchange Server to gain access to email and other data at an unspecified number of organizations. In its blog post, Microsoft stated that Hafnium had carried out a number of attacks using previously unknown exploits against on-premises Exchange Server software; the cloud-hosted Exchange Online service was not affected. The vulnerabilities, patched out of band on March 2, 2021, were CVE-2021-26855 (a server-side request forgery that let an unauthenticated attacker impersonate the server), CVE-2021-26857 (an insecure deserialization bug in the Unified Messaging service) and CVE-2021-26858 and CVE-2021-27065 (post-authentication arbitrary file writes). The company described the method as a three-step process. First, Hafnium gained access to a victim’s Exchange Server, either with stolen passwords or by using the previously undisclosed vulnerabilities to pass itself off as a user who should have access. Second, it used that access to write a web shell (an ASP.NET script dropped into a web-accessible directory of the server) so it could control the compromised server remotely over HTTP. Third, it used that remote access, operated from leased virtual private servers in the United States, to steal data from the victim organization’s network.
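The second step above is the one a defender can see in the server's own logs: a web shell is reached by POSTing to an .aspx file that should not exist, usually in a directory that only ever serves static content or the logon page. The following is an added example, not code from the original page or from Microsoft, of hunting for that pattern in an IIS W3C log from an on-premises Exchange server. The directory list in SUSPICIOUS_DIRS, the allowlist in KNOWN_GOOD_STEMS and the sample log lines are constructed for illustration and are assumptions; tune them to the virtual directories your own servers expose.

```python
"""Hunt for web-shell traffic in IIS W3C logs from an on-premises Exchange server.

Added example (not from the original page or from Microsoft). The directory
list, the allowlist and SAMPLE_LOG are constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Iterator

# Directories that normally serve static content or the logon page; a POST to
# an .aspx file under them is the classic web-shell signature (assumption).
SUSPICIOUS_DIRS = ("/aspnet_client/", "/owa/auth/", "/ecp/auth/")
# Legitimate .aspx pages that do live under those directories (assumption).
KNOWN_GOOD_STEMS = {"/owa/auth/logon.aspx", "/ecp/auth/logon.aspx"}

# Constructed sample: two web-shell requests from one client, plus normal traffic.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status
2021-03-03 04:12:01 10.0.0.5 GET /owa/auth/logon.aspx - 443 - 198.51.100.7 Mozilla/5.0 200
2021-03-03 04:12:09 10.0.0.5 POST /owa/auth/Current/themes/resources/logon.aspx - 443 - 198.51.100.7 python-requests/2.25.1 200
2021-03-03 04:12:15 10.0.0.5 POST /aspnet_client/system_web/help.aspx cmd=whoami 443 - 198.51.100.7 python-requests/2.25.1 200
2021-03-03 04:13:40 10.0.0.5 POST /owa/auth.owa - 443 - 203.0.113.9 Mozilla/5.0 302
2021-03-03 04:14:02 10.0.0.5 GET /ecp/default.aspx - 443 alice 203.0.113.9 Mozilla/5.0 200
"""


@dataclass(frozen=True)
class Finding:
    timestamp: str
    client_ip: str
    uri_stem: str
    query: str
    user_agent: str
    status: str


def parse_w3c(log_text: str) -> Iterator[dict]:
    """Yield one dict per record, naming columns from the #Fields directive."""
    fields = None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
            continue
        if line.startswith("#"):
            continue  # other directives (#Software, #Date, ...)
        if fields is None:
            raise ValueError("log record appears before a #Fields directive")
        values = line.split(" ")
        if len(values) != len(fields):
            continue  # truncated or malformed record; skip rather than crash
        yield dict(zip(fields, values))


def is_suspicious(rec: dict) -> bool:
    """POST to an .aspx file under a static/logon directory that is not allowlisted."""
    stem = rec["cs-uri-stem"].lower()
    return (
        rec["cs-method"].upper() == "POST"
        and stem.endswith(".aspx")
        and stem.startswith(SUSPICIOUS_DIRS)
        and stem not in KNOWN_GOOD_STEMS
    )


def hunt_web_shells(log_text: str) -> list:
    """Return every record that matches the web-shell pattern, in log order."""
    return [
        Finding(
            timestamp=f"{rec['date']} {rec['time']}",
            client_ip=rec["c-ip"],
            uri_stem=rec["cs-uri-stem"],
            query=rec["cs-uri-query"],
            user_agent=rec["cs(User-Agent)"],
            status=rec["sc-status"],
        )
        for rec in parse_w3c(log_text)
        if is_suspicious(rec)
    ]


def actors(findings: list) -> Counter:
    """Count hits per client IP so the analyst sees who is driving the shell."""
    return Counter(f.client_ip for f in findings)


if __name__ == "__main__":
    hits = hunt_web_shells(SAMPLE_LOG)
    for hit in hits:
        print(f"{hit.timestamp} {hit.client_ip} POST {hit.uri_stem} ?{hit.query} [{hit.user_agent}] -> {hit.status}")
    print("per-client hit count:", dict(actors(hits)))
```

On the constructed log the legitimate logon GET and the normal /owa/auth.owa POST are ignored, while the two POSTs to unexpected .aspx files from 198.51.100.7 are reported. A hit from this hunt is evidence of an existing compromise, which patching alone does not undo; the next step is to pull the file at that path from disk and examine what else that client did.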
Reporting at the time put the number of compromised organizations at roughly 30,000 in the United States alone, with further victims worldwide. The flaws affected a broad range of customers, from small businesses to local and state governments and some military contractors. The attackers were able to steal email and install additional malware to maintain surveillance of their targets. Patches were made available quickly, but the damage had been done: a patch closes the vulnerabilities, yet it does not remove a web shell that was planted before the patch was applied, so patched servers still had to be checked for existing compromise.
Key Takeaways: The impact of this incident is still being measured. Companies that patched the flaws quickly fared better than those that didn’t, but patching only stops new intrusions; exposed servers also had to be hunted for web shells and other persistence left behind by an attacker already inside. This incident is a reminder that risk can come from unexpected directions at any time, including a vendor’s product that is trusted and widely deployed.