Photo: rnbo.gov.ua
China’s cyber group Hafnium was the most active
Cybercriminals can gain full access to the server. Microsoft Exchange Server software products were found to be vulnerable.
The National Coordination Center of the NSDC of Ukraine warned about the active exploitation of vulnerabilities in the widespread Microsoft Exchange software product, reports the NSDC press service.
“In the event of successful exploitation of the vulnerabilities, attackers have the ability to execute arbitrary code on vulnerable systems and gain full access to the compromised server, including access to files, email, and accounts. Successful exploitation of the vulnerabilities allows them to gain unauthorized access to the resources of an organization’s internal network,” the NSDC emphasized.
The department noted that the vulnerable software products are Microsoft Exchange Server 2010, Microsoft Exchange Server 2013, Microsoft Exchange Server 2016 and Microsoft Exchange Server 2019.
“The vulnerabilities CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, CVE-2021-27065 (common name: ProxyLogon) are now actively exploited; for the vulnerabilities CVE-2021-26412, CVE-2021-26854, CVE-2021-27078 there are no publicly available exploits,” the department noted.
The NSDC explained that China’s cyber espionage group Hafnium was the most active in exploiting vulnerable systems. However, the activities of other hacker groups have now been revealed.
“The facts of infection of vulnerable systems with ransomware, in particular the new families DearCry and DoejoCrypt, have been confirmed. The ransom amount demanded by the criminals in one of the confirmed cases amounted to more than $16,000,” said the NSDC.
According to Ukrainian experts, the compromised servers are also used to send malicious programs to other users in an attempt to infect as many as possible.
“Several such incidents have already been recorded in Ukraine,” the department noted.
Microsoft is also reported to have released service packs for vulnerable versions and software tools designed to self-test for vulnerabilities: https://github.com/microsoft/CSS-Exchange/tree/main/Security.
“When installing service packs, keep the following in mind. Updates must be applied from the command line as a user with administrator rights; after installation, you must restart the server. After the update process is complete, you must re-verify vulnerability exploitation (tools: MSERT utility https://docs.microsoft.com/en-us/windows/security/threat-protection/intelligence/safety-scanner-download or nmap script https://github.com/GossiTheDog/scanning/blob/main/http-vuln-exchange.nse),” the NSDC explained.
As of March 12, 2021, more than 1,000 vulnerable Microsoft Exchange servers were identified in the country, of which 98.7% are used by individuals.
Before that, we wrote that hackers from the Russian Federation gained access to Microsoft’s source code.
Previously, Ukraine announced a high level of cyber threat in December.