Top Class Actions’s website and social media posts use affiliate links. If you make a purchase using such links, we may receive a commission, but it will not result in any additional charges to you. Please review our Affiliate Link Disclosure for more information.
Hackers have reportedly exploited a weakness in Microsoft email software and are targeting small businesses, universities, government, and defense contractors.
An emergency security update was released by the tech company on March 2 to address a security issue in Microsoft’s Exchange Server versions 2013 through 2019, according to Krebs on Security. Not everyone has implemented the patch, though, and Chinese hackers are reportedly exploiting vulnerable organizations. In addition, even if the security update is installed, hackers may have already left a way in that cannot be removed by Microsoft’s patch.
At least 30,000 organizations have been hit by hackers who are stealing email communications from defense contractors, infectious disease researchers, universities, and law firms, along with other nonprofit organizations, government, and small businesses. In addition, the hackers may be able to take over systems or install “backdoors” that allow them access later, says Krebs.
Although a class action lawsuit has not been filed, many consumers may be affected. If your information was compromised in a data breach you could join a class action lawsuit investigation.
Indeed, the security flaw was identified by researchers months ago, according to Krebs; however, experts say that the hacking group, called Hafnium, has stepped up its attacks in recent days.
“The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised,” Steven Adair, President of computer security company Volexity told Krebs.
The hackers leave a web shell in the victims’ vulnerable Microsoft email software. Hackers can use this password-protected shell to gain administrative access to the email system and company servers, says Krebs.
“The best protection is to apply updates as soon as possible across all impacted systems,” Microsoft said to Krebs on Security in a statement. “We continue to help customers by providing additional investigation and mitigation guidance. Impacted customers should contact our support teams for additional help and resources.”
Microsoft is reportedly working with the federal government to address the security issue. U.S. Cybersecurity & Infrastructure Security Agency (CISA) has issued an emergency directive to federal civilian departments, mandating that they update Microsoft email software or disconnect their systems from the network.
“CISA partners have observed active exploitation of vulnerabilities in Microsoft Exchange on-premises products,” says the statement. “Successful exploitation of these vulnerabilities allows an attacker to access on-premises Exchange Servers, enabling them to gain persistent system access and control of an enterprise network.”
The White House has also indicated concern, telling reporters on Friday that the attack could “could have far-reaching impacts,” according to Reuters.
Has your business or organization been hit by hackers targeting the Microsoft email security hole? Tell us about your experience in the comment section below.
Read About More Class Action Lawsuits & Class Action Settlements:
11 thoughts on30K U.S. Organizations Hit by Hackers Targeting Microsoft Email
Addme