Danish cybersecurity company Dubex reported on their blog, Please Leave an Exploit After the Beep, that victims they reviewed in January had a “web shell” backdoor installed through the “unifying messaging” module. This module is a core component on the Exchange network that organizes and stores emails, calendars, voicemail, and faxes in the Contacts compartment of Microsoft users’ mailboxes.
Two months to Respond?
Software giant Microsoft admitted it was attacked in “early January.” Apparently, the company didn’t understand how dangerous the attacks were. The firm did not disclose the breach until March 2nd when they posted details on-site and issued its first set of patches.
The Cybersecurity expert blog, KrebsonSecurity, tracks-back the first report of the hack-attack that came on Jan. 5, from security testing firm DEVCORE, also known as “Orange Tsai.” The cyber company reported two of the four flaws that Microsoft disclosed and introduced patches for on March 2nd.
Cybersecurity company Volexity based in Reston, Va.claims they found evidence of attacks on January 6th. After more investigation, they informed Microsoft on February 2nd. Volexity claims they can see attack traffic going back to January 3rd.
Multiple Exploitations?
The MIT Technology Review reports that Hafnium is not the only threat. Security experts claim there may now be at least four other hacking groups actively exploiting the Exchange Server flaws.
