Microsoft Exchange Server Attack: How Thrive Is Responding
The recent attack on Microsoft Exchange Server by Chinese hacking group, Hafnium, has affected thousands of organizations across the country in a brief period of time. Microsoft announced news of the attack on March 2nd, and immediately released urgent patches in an effort to defend against further attacks.
Microsoft detected zero-day exploits used to attack on-premise versions of Microsoft Exchange Server. These vulnerabilities allowed threat actors to access email accounts and install malware to gain long-term access to these environments.
Thrive has responded quickly to assist clients affected by this attack, and will continue to support them in the coming weeks and months ahead.
What Happened with the Hafnium Attack?
Chinese hackers, known as Hafnium, began exploiting Microsoft Exchange servers in early January. These hackers stayed in stealth mode until early March, when Microsoft urged Microsoft Exchange Server users to patch Exchange systems as quickly as possible.
After the announcement by Microsoft, Hafnium switched from stealth mode to a more aggressive scanning of servers across the globe, looking for vulnerabilities. Soon after, additional hacking groups (now believed to be upwards of 10) began