On Wednesday, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) and the Federal Bureau of Investigation (FBI) warned of active misuse of flaws in Microsoft Exchange on-premises products by nation-state actors and hackers.
As per the agencies: “CISA and FBI assess that adversaries could exploit these vulnerabilities to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack.”
The attacks have mainly targeted local governments, academic institutions, NGOs, and business entities in several industry sectors, including agriculture, biotechnology, aerospace, defense, legal services, power utilities, and pharmaceuticals.
Scores of entities, including the European Banking Authority and the Norwegian Parliament, are thought to have been breached to install a web-based backdoor called the China Chopper web shell, which enables the hackers to loot email inboxes and remotely access the target systems.
The development comes on the heels of the swift expansion of attacks aimed at susceptible Exchange Servers, with several threat actors abusing the vulnerabilities as early as February 27 before they were finally patched by Microsoft last week, quickly turning what was branded as “limited and targeted” into an indiscriminate mass exploitation drive.