Operation Exchange Marauder
2021-03-05 10:45 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
mdlbearIf you happen to be the administrator of a Microsoft Exchange Server that can be accessed from the internet, you need to immediately
- Apply the patches that Microsoft released on Tuesday: Multiple Security Updates Released for Exchange Server – updated March 5, 2021 – Microsoft Security Response Center
- Use this script (on GitHub) to scan your logs, as described in HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security to determine whether you are one of the at least 30,000 organizations that have been hacked via the holes you just patched (see Step 1). (You did patch them, right?) If you are,...
- Figure out what it means to your organization that all of your organization's internal email is now sitting on a disk somewhere in China. If that sounds like A Very Bad Thing,...
- Panic.
Resources
- At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software — Krebs on Security
- Microsoft: Chinese Cyberspies Used 4 Exchange Server Flaws to Plunder Emails
- HAFNIUM targeting Exchange Servers with 0-day exploits - Microsoft Security
- Multiple Security Updates Released for Exchange Server – updated March 5, 2021 – Microsoft Security Response Center
- Operation Exchange Marauder: Active Exploitation of Multiple Zero-Day Microsoft Exchange Vulnerabilities | Volexity
Another fine post from
The Computer Curmudgeon (also at
computer-curmudgeon.com).
Donation buttons in profile.