As originally reported by ZDNet and Brian Krebs, exploitation of the four Microsoft Exchange server vulnerabilities (CVE-2021-27065, CVE-2021-26855,CVE-2021-26857, CVE-2021-26858) have resulted in at least 30,000 compromised servers in the United States, and hundreds of thousands worldwide. Former CISA Director Chris Krebs stated that the real number of victims dwarfs the publicly reported number. Microsoft has attributed most of the early attacks using these vulnerabilities to a China-backed hacking group, Hafnium, but since proof-of-concept exploit code has been publicly released, many more unrelated APT and criminal groups have added to the number of attacks. CISA has issued a statement warning of “widespread domestic and international exploitation” of the Microsoft Exchange Server vulnerabilities, and urged agencies to apply a patch or take the system offline. According to Volexity, the attacks started as early as January 6th, 2021.
By Anthony Zampino Introduction Leading up to the most recent Russian invasion of Ukraine in