Hackers target on premises Microsoft Exchange server vulnerabilities

Mar 03, 2021 - 12:51 PM
FDAcybersecurity

Cyber attackers are using Microsoft Exchange Server vulnerabilities to access Exchange server email accounts on an organization’s premises and install malware to facilitate long-term access to victim environments, the Microsoft Threat Intelligence Center announced yesterday.

It suspects a potentially state-sponsored group out of China called HAFNIUM is behind the campaign. According to Microsoft, Exchange Online is not affected.

“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately to protect against these exploits and prevent future abuse across the ecosystem,” the center said.

John Riggi, AHA senior advisor for cybersecurity and risk, said, “This is another example, like the SolarWinds breach, of what is believed to be a sophisticated nation-state-supported actor seeking to compromise ubiquitous and fundamental third-party software services as a means for widespread penetration of entire sectors of the U.S. economy. It is also important to note for the health care sector that the HAFNIUM cyber adversary is specifically targeting infectious disease research, among other data. This is consistent with documented criminal cases of the Chinese government’s aggressive pursuit of U.S. medical research and innovation.”

For more information on nation-state cyber threats targeting health care or other cyber issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
FBI warns of North Korean ‘Maui’ ransomware threat on health care and public sectors
The FBI today issued a “white” joint cybersecurity advisory warning of ransomware threats against the U.S. health care and public sectors. The bureau said the…
Headline
Agencies alert private sector to ransomware threat
The FBI, Cybersecurity and Infrastructure Security Agency, Department of the Treasury, and Financial Crimes Enforcement Network today urged organizations to…
Headline
AHA voices support for bill to protect medical device cybersecurity 
 AHA Friday voiced support for the Protecting and Transforming Cyber Health Care Act (S. 3983/H.R. 7084), legislation that would require medical device…
Headline
Organizations urged to protect networks from China-backed cyber threats
The National Security Agency, Cybersecurity and Infrastructure Security Agency and FBI this week urged U.S. organizations to apply available patches,…
Headline
Senate considers how to better protect health care from cyber threats
The Senate Health, Education, Labor and Pensions Committee last week held a hearing on how to strengthen cybersecurity in the health care and education…
Headline
Agencies directed to patch critical cloud software vulnerabilities
The Cybersecurity and Infrastructure Security Agency yesterday directed federal agencies to take emergency action to prevent cyber actors from exploiting…