US emergency order over Chinese cyber attack: "More than 30,000 already hacked?"

On March 2, 2021, the US CISA issued an emergency order demanding a rapid response from public institutions because the Chinese government-affiliated hacking group Hafnium is exploiting vulnerabilities in Microsoft's groupware, Exchange Server. Microsoft is releasing tools to detect intrusions, but these do not completely prevent hacking, and experts point out that at least 30,000 organizations have already been hacked.

Microsoft announced on March 2 that Exchange servers were under zero-day attack by Chinese government hackers. The attack is said to involve a vulnerability related to ProxyLogon.

In response, CISA issued Emergency Order 21-02 on March 2. In it, all organizations within the federal government and the private sector that use Microsoft Exchange products were asked to disconnect their systems from the network until the Microsoft patch was applied.

The Microsoft patch that CISA asked government agencies to apply is a security update for Exchange Server that Microsoft urgently released on March 2. However, this update only mitigates or detects damage and does not completely prevent attacks. Microsoft's Security Response Center (MSRC) stated that the countermeasures so far are only mitigations, and that they cannot be expected to remediate an Exchange server that has already been infiltrated, or to fully protect it from attacks.

The White House also said at a press conference on March 5 that the Exchange server vulnerabilities risk having a widespread impact.

As for the extent of the damage, there are reports that at least 30,000 organizations were hacked in the United States alone. A cybersecurity expert who requested anonymity said that a Chinese hacking group already controls hundreds of thousands of servers running Microsoft Exchange. Since an organization basically runs Exchange on one server, the number of affected organizations could also reach hundreds of thousands.

On March 6, Microsoft released a tool to detect ProxyLogon intrusions, and CISA recommends using it. Related information can be found here.


