It has been pointed out that more than 30,000 organizations have already been hacked in a cyber attack by China that led the government to issue an emergency directive.



In response to attacks in which 'Hafnium', a government-affiliated hacker group in China, exploited vulnerabilities in Exchange Server, Microsoft's groupware, the United States Cybersecurity and Infrastructure Security Agency (CISA) issued an urgent order on March 2, 2021 calling on public institutions to take prompt action. Microsoft has released a tool to detect intrusions in response to this issue, but it has not completely prevented hacking, and experts said, 'At least 30,000 organizations have already been hacked.'

CISA Issues Emergency Directive Requiring Federal Agencies to Patch Critical Vulnerability | CISA
https://www.cisa.gov/news/2021/03/02/cisa-issues-ed-requiring-federal-agencies-patch-critical-vulnerability

At Least 30,000 US Organizations Newly Hacked Via Holes in Microsoft's Email Software — Krebs on Security
https://krebsonsecurity.com/2021/03/at-least-30000-us-organizations-newly-hacked-via-holes-in-microsofts-email-software/

Microsoft announced on March 2 that Exchange Server had been hit by a zero-day attack by a Chinese government hacker. You can read more about this issue, called 'ProxyLogon' because it is a proxy and logon vulnerability, in the following article:

Microsoft reports 'new attack by Chinese government hacker using vulnerability of Exchange Server' --GIGAZINE


by Craig Nagy

In response to this problem, CISA issued 'Emergency Order 21-02' on March 2. It called on all federal government agencies and private-sector organizations using Microsoft Exchange on-premises products to disconnect those systems from the network until a Microsoft patch was applied.

The 'Microsoft patch' that CISA has asked government agencies to apply is a security update for Exchange Server that Microsoft urgently released on March 2. However, this program only mitigates and detects damage, and does not completely prevent attacks. The Microsoft Security Response Center (MSRC) said in its official blog that the measures taken so far are 'only mitigation measures, and we cannot expect to improve the situation where Exchange Server has already been invaded or provide complete protection from attacks.'



Jen Psaki, the White House spokesperson, said at a press conference on March 5, 'The Exchange Server vulnerability is serious, and there is a risk of impact over a wide range.'

In addition, security information site KrebsOnSecurity reported that 'at least 30,000 organizations have been hacked in the United States alone' regarding the specific extent of the damage. Two cybersecurity experts interviewed by KrebsOnSecurity on condition of anonymity also said, 'The Chinese hacking group already has hundreds of thousands of servers running Microsoft Exchange Server.' Basically, one organization runs Exchange Server on one server, so there can be hundreds of thousands of affected organizations.

Former CISA director Chris Krebs tweeted, 'I've heard that the numbers reported by KrebsOnSecurity are extremely modest,' supporting the view that the number of affected organizations far exceeds what KrebsOnSecurity reported.



Microsoft released a tool to detect intrusions by ProxyLogon on March 6, and CISA strongly recommends using this tool.

in Security, Posted by log1l_ks