The alarm about the ongoing hack of Microsoft Exchange Server, which began as early as January, appears quite justified. Microsoft believes a state-sponsored Chinese group called Hafnium orchestrated the attack, which exploited flaws in Exchange software to gain access to email accounts and install unauthorized software, giving the attackers full control of affected systems.
Hafnium primarily targets entities in the United States across a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs, according to Microsoft.
In a tweet, the United States Cybersecurity and Infrastructure Security Agency (CISA) urged “ALL organizations” across “ALL sectors” to follow its guidance to address the email software’s vulnerabilities.
The number of U.S.-based organizations affected is estimated to be at least 30,000, while the worldwide number is close to 100,000. The vulnerabilities can be exploited to compromise networks, steal information, encrypt data for ransom, or even execute a destructive attack. CISA advises business leaders at all organizations to ask IT personnel to immediately address this incident or get third-party IT support.
A Hafnium attack should trigger any cyber insurance an organization has in place, according to Lockton, an insurance broker. Lockton recommends that organizations contact their insurer only if they discover that the vulnerabilities being exploited are present in their systems. If an attack is underway, it should be reported to cyber insurers immediately.