Monday, March 29, 2021

CISA issues emergency alert to organizations running Microsoft Exchange

Threat to healthcare research traced to China

PARCA eNews – March 9, 2021 – The Cybersecurity and Infrastructure Security Agency (CISA) issued Emergency Directive (ED) 21-02 on March 2, 2021, requiring federal civilian departments and agencies running Microsoft Exchange on-premises products to update the products or disconnect them from their networks until they are updated with the Microsoft patch released yesterday.
CISA and the National Security Agency worked with Microsoft and security researchers to identify detection and mitigation approaches to these vulnerabilities, for which Microsoft released a patch.

Since the CISA ED, the Microsoft Threat Intelligence Center (MSTIC) has attributed the attacks with "high confidence" to a "state-sponsored threat actor" based in China, which it named Hafnium.

Microsoft said Hafnium had tried to steal information from groups such as infectious disease researchers, law firms, higher education institutions and defense contractors.

In a March 8 update, Microsoft warned that multiple malicious actors were rushing to exploit the unpatched Exchange vulnerability exposed by Hafnium and urged customers to deploy the patch as soon as possible.

Sources: CISA press release and Microsoft Security blog
