The attackers have been able to cast a wide net for victims since they infected most of the infrastructure system before Microsoft’s cybersecurity experts could shut down the hack.
Multiple Security Updates Released for Exchange Server
Microsoft last updated their security and technical information on March 5th. They reported details of the attack and provided security patches.
Huntress Labs, a Maryland-based firm that monitors cybersecurity, wrote a Post-Exploitation Analysis on Friday.
“If you use on-prem Microsoft Exchange Servers, you might want to assume you’ve been hit. We recommend you not only patch immediately but externally validate the patch and hunt for the presence of these web shells and other indicators of compromise (see the technical details below). Trusting the dashboard is simply not enough.”
Huntress gave additional details and also provided security patches.
From One Cybersecurity Crisis to the Next
The attack comes on the heels of the SolarWinds attack by suspected Russian hackers, which breached at least nine federal agencies and over 100 companies. The group infected updates from IT management software maker SolarWinds, LLC.