What’s happened?
Hundreds of UK companies, and hundreds of thousands worldwide, have been compromised as the result of a cyber-attack campaign.
The hackers, reportedly part of a Chinese government-backed hacking group, have targeted the email system Microsoft Exchange Server. The group have exploited zero-day vulnerabilities to steal emails.
What are zero-day vulnerabilities?
Microsoft has said that the group was using four never-seen-before hacking techniques to infiltrate email systems. This means that those responsible for patching the vulnerability had zero days to do it before the flaw was exposed or exploited by malicious hackers.
Currently, an official security patch has not yet been released, allowing other hackers to target vulnerable organisations. According to ESET, as many as ten different hacking groups are now actively using the zero-day exploits to target companies.
Is my business at risk?
It’s important to note that the vulnerabilities are not present in Microsoft 365 (formerly Office 365) email services. The attackers targeted on-premises editions of Microsoft Exchange Server.
What can I do?
If you do have a Microsoft Exchange Server, you should attempt to identify whether your organisation has already been breached.
Microsoft has released a tool that scans Exchange log files for indicators of compromise (IOCs) associated with the vulnerabilities.
Microsoft has also issued patches for the critical vulnerabilities in Microsoft Exchange Server. They have recommended that vulnerable organisations apply them as a matter of urgency.
If you have any questions or concerns, please get in touch.