As if the SolarWinds fiasco wasn’t enough to completely undermine any trust in technology security, Microsoft is warning everyone about a significant exploit in its Exchange email platform that is actively being leveraged by a Chinese advanced persistent threat group dubbed “Hafnium.” According to Microsoft’s Threat Intelligence Center, this group is known for targeting entities in the United States primarily to steal data and intellectual property from a wide swath of industry, political and government organizations, but with this recent exploit, the attackers have spread globally, attempting to compromise as many servers as they can before administrators can patch vulnerable servers.
What this means for you
First and foremost, if your email is provided by an on-premise Exchange Server that is not being actively maintained by a qualified technology professional, you may be in danger, and you should contact an IT professional or a company like C2 immediately. It will be important to patch your servers immediately and then determine if the server has been breached. If you are breathing a sigh of relief because your email is hosted in the cloud, it’s still important to make sure your vendor has taken appropriate steps to make sure their platform is properly secured as they may be using Exchange to provide email services to you.
If your email is provided by Microsoft 365 or Google, this exploit does not impact you directly, but keep in mind that vendors and clients you work with may have been compromised, which may also have implications for your organization. Information stolen from a client or vendor in breach could be used to impersonate a trusted individual in an attempt to trick you or someone in your organization into any number of activities that could end up directly affecting your bank account. One of our clients recently notified us that one of their vendors fell for an email spoofing campaign that resulted in that vendor writing a very large check to pay off our client’s invoice, but that check was sent to a fake address. Even though you might not be directly impacted by the Hafnium campaign, the sheer size of the information breach means that someone likely very close to your organization may be affected. As such, you and all your organization’s employees should treat any unusual emails or transaction requests with caution and skepticism for the foreseeable future.
Image courtesy of Stuart Miles at FreeDigitalPhotos.net