On March 2, Microsoft released emergency security updates to plug four security loopholes in Exchange Server versions 2013 through 2019. A Chinese state-sponsored cyber-espionage unit was using these loopholes to snoop on the email conversations of victim organizations.
At least 30,000 organizations in the United States alone are believed to have been hacked by the espionage group to siphon email communications from Internet-facing systems running Exchange.
If you were running an OWA server exposed to the internet, it is safe to assume that you were compromised between 26th February and 3rd March.
Three days after Microsoft patched the vulnerabilities, security experts say that the hackers have been ramping up exploitation of any unpatched Exchange servers around the world.
Following the incident, a Microsoft spokesperson said, “The best protection is to apply updates as soon as possible across all impacted systems.” “We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources,” he added.