{"id":516,"date":"2021-03-08T13:30:01","date_gmt":"2021-03-08T13:30:01","guid":{"rendered":"https:\/\/www.tsfactory.com\/forums\/?p=516"},"modified":"2021-03-08T13:32:35","modified_gmt":"2021-03-08T13:32:35","slug":"government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers","status":"publish","type":"post","link":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/","title":{"rendered":"Government briefed on breach of at least 30,000 Microsoft Exchange Servers"},"content":{"rendered":"<div class=\"wysiwyg\">\n<p>Cybersecurity experts briefed government investigators that at least 30,000 Microsoft Exchange Servers have been breached using a chain of vulnerabilities Microsoft patched on Tuesday.<\/p>\n<p>The reports, published by independent reporter <a href=\"https:\/\/krebsonsecurity.com\/2021\/03\/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software\/\" target=\"_blank\" rel=\"noreferrer noopener\">Brian Krebs<\/a> and later by <a href=\"https:\/\/www.wired.com\/story\/china-microsoft-exchange-server-hack-victims\/\" target=\"_blank\" rel=\"noreferrer noopener\">Wired\u2019s Andy Greenberg<\/a>, would confirm a trend SC Media reported earlier in the week, that security investigators were finding <a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/data-breach\/microsoft-exchange-server-breaches-more-widespread-than-originally-thought\/\">substantially more instances<\/a> of Microsoft Exchange servers that had been breached than Microsoft\u2019s original report of \u201climited and targeted\u201d attacks may have let on.<\/p>\n<p>In that story, published only a day after Microsoft\u2019s announcement, John Hammond of cybersecurity vendor Huntress shared with SC Media data that would indicate a far more extensive victim pool.<\/p>\n<p>\u201cWe took a sample of about 2,000 or so of our partners\u2019 [servers]. We saw 400 that are vulnerable, an extra 100 that are potentially vulnerable and 200 and growing that were compromised,\u201d he said, later adding: \u201cFrom everything that we can see, it seems that the threat actors are scanning the whole internet, looking for whatever happens to be vulnerable and going after that low-hanging fruit wherever they can find it.\u201d<\/p>\n<p>Microsoft attributed the Exchange Server hacking operation to Chinese state-sponsored actors they dubbed Hafnium. The researchers who spoke to Brian Krebs claimed as many as 100,000 servers may have been breached.<\/p>\n<p>Hammond noted that the breaches appeared to be so untargeted that several servers appeared to host more than one version of the \u201cChina Chopper\u201d webshell, an indication Hafnium breached the same server more than once. That would suggest either tactics leveraging automation or simple disorganization on the part of attackers.<\/p>\n<p>\u201cIt is so peculiar to see multiple web shells when only one really would be needed,\u201d he said.<\/p>\n<p>Homeland Security, Microsoft, and White House spokesperson Jen Psaki in a Friday news conference has emphasized how critical it is to patch.<\/p>\n<p>\u201cWe are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately to protect against these exploits and prevent future abuse across the ecosystem,\u201d <a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/vulnerabilities\/microsoft-issues-critical-exchange-server-patches-to-thwart-wave-of-targeted-attacks\/\">said Microsoft in its initial announcement<\/a>.<\/p>\n<p>Source: SC Magazine<\/p>\n<p><a href=\"https:\/\/www.scmagazine.com\/home\/security-news\/data-breach\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/\">Read the Full Story Here<\/a><\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Cybersecurity experts briefed government investigators that at least 30,000 Microsoft Exchange Servers have been breached using a chain of vulnerabilities Microsoft patched on Tuesday. The reports, published by independent reporter Brian Krebs and later by Wired\u2019s Andy Greenberg, would confirm a trend SC Media reported earlier in the week, that security investigators were finding substantially [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":517,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-516","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v24.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Government briefed on breach of at least 30,000 Microsoft Exchange Servers - Community<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Government briefed on breach of at least 30,000 Microsoft Exchange Servers - Community\" \/>\n<meta property=\"og:description\" content=\"Cybersecurity experts briefed government investigators that at least 30,000 Microsoft Exchange Servers have been breached using a chain of vulnerabilities Microsoft patched on Tuesday. The reports, published by independent reporter Brian Krebs and later by Wired\u2019s Andy Greenberg, would confirm a trend SC Media reported earlier in the week, that security investigators were finding substantially [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/\" \/>\n<meta property=\"og:site_name\" content=\"Community\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/TSFactoryLLC\/\" \/>\n<meta property=\"article:published_time\" content=\"2021-03-08T13:30:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2021-03-08T13:32:35+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/03\/pexels-nothing-ahead-4567339.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1280\" \/>\n\t<meta property=\"og:image:height\" content=\"1920\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Chelsie Wyatt\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:site\" content=\"@TSFactoryLLC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Chelsie Wyatt\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/\",\"name\":\"Government briefed on breach of at least 30,000 Microsoft Exchange Servers - Community\",\"isPartOf\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/03\/pexels-nothing-ahead-4567339.jpg\",\"datePublished\":\"2021-03-08T13:30:01+00:00\",\"dateModified\":\"2021-03-08T13:32:35+00:00\",\"author\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\"},\"breadcrumb\":{\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#primaryimage\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/03\/pexels-nothing-ahead-4567339.jpg\",\"contentUrl\":\"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/03\/pexels-nothing-ahead-4567339.jpg\",\"width\":1280,\"height\":1920},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.tsfactory.com\/forums\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Government briefed on breach of at least 30,000 Microsoft Exchange Servers\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#website\",\"url\":\"https:\/\/www.tsfactory.com\/forums\/\",\"name\":\"Community\",\"description\":\"TSFactory\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f\",\"name\":\"Chelsie Wyatt\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g\",\"caption\":\"Chelsie Wyatt\"},\"url\":\"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Government briefed on breach of at least 30,000 Microsoft Exchange Servers - Community","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/","og_locale":"en_US","og_type":"article","og_title":"Government briefed on breach of at least 30,000 Microsoft Exchange Servers - Community","og_description":"Cybersecurity experts briefed government investigators that at least 30,000 Microsoft Exchange Servers have been breached using a chain of vulnerabilities Microsoft patched on Tuesday. The reports, published by independent reporter Brian Krebs and later by Wired\u2019s Andy Greenberg, would confirm a trend SC Media reported earlier in the week, that security investigators were finding substantially [&hellip;]","og_url":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/","og_site_name":"Community","article_publisher":"https:\/\/www.facebook.com\/TSFactoryLLC\/","article_published_time":"2021-03-08T13:30:01+00:00","article_modified_time":"2021-03-08T13:32:35+00:00","og_image":[{"width":1280,"height":1920,"url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/03\/pexels-nothing-ahead-4567339.jpg","type":"image\/jpeg"}],"author":"Chelsie Wyatt","twitter_card":"summary_large_image","twitter_creator":"@TSFactoryLLC","twitter_site":"@TSFactoryLLC","twitter_misc":{"Written by":"Chelsie Wyatt","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/","url":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/","name":"Government briefed on breach of at least 30,000 Microsoft Exchange Servers - Community","isPartOf":{"@id":"https:\/\/www.tsfactory.com\/forums\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#primaryimage"},"image":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#primaryimage"},"thumbnailUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/03\/pexels-nothing-ahead-4567339.jpg","datePublished":"2021-03-08T13:30:01+00:00","dateModified":"2021-03-08T13:32:35+00:00","author":{"@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f"},"breadcrumb":{"@id":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#primaryimage","url":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/03\/pexels-nothing-ahead-4567339.jpg","contentUrl":"https:\/\/www.tsfactory.com\/forums\/wp-content\/uploads\/2021\/03\/pexels-nothing-ahead-4567339.jpg","width":1280,"height":1920},{"@type":"BreadcrumbList","@id":"https:\/\/www.tsfactory.com\/forums\/blog\/government-briefed-on-breach-of-at-least-30000-microsoft-exchange-servers\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.tsfactory.com\/forums\/"},{"@type":"ListItem","position":2,"name":"Government briefed on breach of at least 30,000 Microsoft Exchange Servers"}]},{"@type":"WebSite","@id":"https:\/\/www.tsfactory.com\/forums\/#website","url":"https:\/\/www.tsfactory.com\/forums\/","name":"Community","description":"TSFactory","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.tsfactory.com\/forums\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/9d9908f0e12559297335ebe9b601c82f","name":"Chelsie Wyatt","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.tsfactory.com\/forums\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/09ff3801fb7566acf715fe4e81a9bd942b923c236138a3ed8a8375f099e5d6d6?s=96&d=mm&r=g","caption":"Chelsie Wyatt"},"url":"https:\/\/www.tsfactory.com\/forums\/blog\/author\/chelsie\/"}]}},"_links":{"self":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/516","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/comments?post=516"}],"version-history":[{"count":1,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/516\/revisions"}],"predecessor-version":[{"id":518,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/posts\/516\/revisions\/518"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media\/517"}],"wp:attachment":[{"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/media?parent=516"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/categories?post=516"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.tsfactory.com\/forums\/wp-json\/wp\/v2\/tags?post=516"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}