Risk & Repeat: Recapping the Exchange Server attacks
This week's Risk & Repeat episode looks back at the Microsoft Exchange Server attacks, plus the questions and mysteries surrounding the ongoing threat.
This week's Risk & Repeat podcast discusses the pressing questions and mysteries around the ongoing Microsoft Exchange Server attacks.
One month ago, Microsoft disclosed and patched four zero-day vulnerabilities in the on-premises version of its Exchange Server software, which were under exploitation by a Chinese nation-state threat group known as Hafnium. The vulnerabilities, including a dangerous server-side request forgery flaw called ProxyLogon, enable unauthorized parties to access Exchange email servers.
But what Microsoft first described as "limited and targeted attacks" quickly expanded, as security researchers discovered that other threat actors were exploiting the Exchange Server flaws -- with some attacks occurring well before Microsoft disclosed the vulnerabilities. The timeline of events has raised questions about possible leaks or breaches in the disclosure process that enabled Hafnium to learn that the vulnerabilities had been discovered and were about to be patched.
There are also pressing concerns about the scope of the Exchange Server attacks and whether federal government agencies have been impacted. SearchSecurity editors Rob Wright and Alex Culafi discuss these questions and more in this episode of Risk & Repeat.