Geeks for your information
Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets


Microsoft Exchange Zero-Day Attackers Spy on U.S. Targets - silversurfer - 03 March 21

Quote: Microsoft has spotted multiple zero-day exploits in the wild being used to attack on-premises versions of Microsoft Exchange Server. Adversaries have been able to access email accounts, steal a raft of data and drop malware on target machines for long-term remote access, according to the computing giant.
 
The attacks are “limited and targeted,” according to Microsoft, spurring it to release out-of-band patches this week. The exploited bugs are being tracked as CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065.
 
However, other researchers have reported seeing the activity compromising mass swathes of victim organizations.
 
“The team is seeing organizations of all shapes and sizes affected, including electricity companies, local/county governments, healthcare providers and banks/financial institutions, as well as small hotels, multiple senior citizen communities and other mid-market businesses,” a spokesperson at Huntress told Threatpost.
 
The culprit is believed to be an advanced persistent threat (APT) group known as Hafnium (also the name of a chemical element), which has a history of targeting assets in the United States with cyber-espionage campaigns. Targets in the past have included defense contractors, infectious disease researchers, law firms, non-governmental organizations (NGOs), policy think tanks and universities.
 
“Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to Hafnium, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures,” according to an announcement this week from Microsoft on the attacks.

Read more: https://threatpost.com/microsoft-exchange-zero-day-attackers-spy/164438/