According to researchers at F-Secure, vulnerable Microsoft Exchange servers are being attacked ‘faster than we can count’. Although Microsoft estimates that only around 8 percent of servers remain unpatched, F-Secure says that new groups of hackers have started going after this vulnerability.
It has been almost a month since Microsoft released a patch for the four zero-day vulnerabilities. Yet 8 percent (or 30,000) of servers are still vulnerable, says the tech giant.
This flaw was abused by hackers for various criminal activities such as writing webshells to disk, dumping credentials, adding user accounts, and stealing complete copies of the Active Directory database.
The Department of Homeland Security raised the alarm about this flaw a month ago. Per recent reports, out of the 400,000 servers affected by this flaw, 92 percent (or 370,000) have been patched. The attacks were initiated by HAFNIUM, a state-sponsored hacker group operating out of China. Since then, many other hacker groups have joined the pursuit. Recent reports show that the BlackKingdom ransomware group is the latest popular hacker group to jump on this bandwagon.