Christina Spicer  |  March 8, 2021

Category: Data Breach


Hackers reportedly exploit Microsoft email security flaw.

Hackers have reportedly exploited a weakness in Microsoft email software and are targeting small businesses, universities, government, and defense contractors. 

An emergency security update was released by the tech company on March 2 to address a security issue in Microsoft’s Exchange Server versions 2013 through 2019, according to Krebs on Security. Not everyone has implemented the patch, though, and Chinese hackers are reportedly exploiting vulnerable organizations. In addition, even if the security update is installed, hackers may have already left a way in that cannot be removed by Microsoft’s patch. 

At least 30,000 organizations have been hit by hackers who are stealing email communications from defense contractors, infectious disease researchers, universities, and law firms, along with other nonprofit organizations, government, and small businesses. In addition, the hackers may be able to take over systems or install “backdoors” that allow them access later, says Krebs. 

Although a class action lawsuit has not been filed, many consumers may be affected. If your information was compromised in a data breach, you could join a class action lawsuit investigation.

Indeed, the security flaw was identified by researchers months ago, according to Krebs; however, experts say that the hacking group, called Hafnium, has stepped up its attacks in recent days. 

“The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised,” Steven Adair, President of computer security company Volexity, told Krebs.

The hackers leave a web shell in the victims’ vulnerable Microsoft email software. Hackers can use this password-protected shell to gain administrative access to the email system and company servers, says Krebs. 

“The best protection is to apply updates as soon as possible across all impacted systems,” Microsoft said to Krebs on Security in a statement. “We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”

Microsoft is reportedly working with the federal government to address the security issue. The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an emergency directive to federal civilian departments, mandating that they update Microsoft email software or disconnect their systems from the network.

“CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products,” says the statement. “Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.”

The White House has also indicated concern, telling reporters on Friday that the attack “could have far-reaching impacts,” according to Reuters.

Has your business or organization been hit by hackers targeting the Microsoft email security hole? Tell us about your experience in the comment section below.


11 thoughts on 30K U.S. Organizations Hit by Hackers Targeting Microsoft Email

  1. Justina Palacio says:

    Addme
