The FBI has issued a statement urging Microsoft network owners to immediately apply security updates to their systems.
The statement follows attacks exploiting newly discovered security vulnerabilities in Exchange Server software, which includes Microsoft’s email, calendar, contact and scheduling platform primarily for business use.
According to information released by Microsoft, the threat actor, which the company is calling HAFNIUM, operates from China, and the attacks are made in three steps. First, HAFNIUM gains access to an Exchange Server either with stolen passwords or by using vulnerabilities to disguise itself as someone who should have access. Second, it creates what’s called a web shell to control the compromised server remotely. Third, it uses that remote access, run from U.S.-based private servers, to steal data from an organization’s network.
HAFNIUM primarily targets organizations in the United States to obtain information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and non-governmental organizations.
Anyone whose Exchange Server has been compromised is asked to contact the FBI’s Atlanta field office by calling 770-216-3000.