Hackers are exploiting vulnerable Exchange servers to drop ransomware, Microsoft says – TechCrunch

Hackers are taking advantage of recently discovered vulnerabilities in Microsoft Exchange email servers to drop ransomware, Microsoft says, putting thousands of email servers at risk of catastrophic attacks.

In a tweet late Thursday evening, the tech giant said it had detected a new kind of file-encrypting malware called DearCry, also known as DoejoCrypt, that exploits the same four vulnerabilities Microsoft has attributed to a newly identified China-backed hacking group it calls Hafnium.

Chained together, the vulnerabilities allow an attacker to take full control of a vulnerable Exchange server.

Microsoft said that Hafnium is the “primary” group exploiting these flaws, most likely for espionage and intelligence gathering. But other security firms say they have seen other hacking groups take advantage of the same flaws. ESET said at least 10 groups are actively compromising Exchange servers.

Michael Gillespie, a ransomware expert who develops decryption tools, said that several vulnerable Exchange servers in the U.S., Canada and Australia had been infected with DearCry.

The new ransomware surfaced a day after a security researcher published proof-of-concept exploit code for the vulnerabilities on Microsoft-owned GitHub. The code was quickly removed for violating the company’s policies.

Marcus Hutchins, a security researcher at Kryptos Logic, said in a tweet that the code worked with some fixes.

Threat intelligence company RiskIQ said it had detected more than 82,000 unpatched servers as of Thursday, though the number is declining. Hundreds of servers belonging to banks and healthcare companies were still vulnerable, the company said, as well as more than 150 servers in the U.S. federal government.

That is a sharp drop from the roughly 400,000 vulnerable servers the company counted when Microsoft disclosed the vulnerabilities on March 2.

Microsoft published security fixes last week, but patching alone does not evict attackers from servers that were already compromised before the patch was applied; those servers still have to be investigated and cleaned. The FBI and CISA, the federal government’s cybersecurity advisory agency, have both warned that the vulnerabilities pose a significant risk to businesses across the United States.

John Hultquist, vice president of analysis at FireEye’s Mandiant Threat Intelligence unit, said he expects more ransomware groups to try to capitalize on the flaws.

“While many unpatched organizations may still be exploited by cyber espionage actors, criminal ransomware operations can pose a major risk as they disrupt organizations and extort victims by releasing stolen emails,” Hultquist said.