From January to March, Microsoft Exchange Server was hit by a series of significant data breaches caused by the exploitation of four vulnerabilities. The vulnerabilities were exploited primarily by a group named Hafnium, but numerous other threat actors quickly followed suit.
Affected vertical: Information Technology, but as many organizations use Exchange Server, the reach was cross-sector.
MITRE Tactics:
- Initial Access (TA0001): The adversaries gained access to the network by exploiting vulnerabilities in the server software.
- Execution (TA0002): The malicious code was executed on the server, providing unauthorized access.
- Persistence (TA0003): By installing web shells, the attackers maintained access even after the initial vulnerabilities were patched.
CVEs:
- CVE-2021-26855
- CVE-2021-26857
- CVE-2021-26858
- CVE-2021-27065