Hackers target on premises Microsoft Exchange server vulnerabilities

Mar 03, 2021 - 12:51 PM
FDAcybersecurity

Cyber attackers are using Microsoft Exchange Server vulnerabilities to access Exchange server email accounts on an organization’s premises and install malware to facilitate long-term access to victim environments, the Microsoft Threat Intelligence Center announced yesterday.

It suspects a potentially state-sponsored group out of China called HAFNIUM is behind the campaign. According to Microsoft, Exchange Online is not affected.

“We are sharing this information with our customers and the security community to emphasize the critical nature of these vulnerabilities and the importance of patching all affected systems immediately to protect against these exploits and prevent future abuse across the ecosystem,” the center said.

John Riggi, AHA senior advisor for cybersecurity and risk, said, “This is another example, like the SolarWinds breach, of what is believed to be a sophisticated nation-state-supported actor seeking to compromise ubiquitous and fundamental third-party software services as a means for widespread penetration of entire sectors of the U.S. economy. It is also important to note for the health care sector that the HAFNIUM cyber adversary is specifically targeting infectious disease research, among other data. This is consistent with documented criminal cases of the Chinese government’s aggressive pursuit of U.S. medical research and innovation.”

For more information on nation-state cyber threats targeting health care or other cyber issues, contact Riggi at jriggi@aha.org.

Related News Articles

Headline
HS releases mobile device security checklist, update on ransomware threat 
The Department of Health and Human Services yesterday released a mobile device security checklist for the health care sector, and an update on the…
Headline
Hacking the Hackers: The FBI’s Takedown of the Hive Ransomware Gang
In this AHA podcast, hear the inside story on the FBI’s successful infiltration and shutdown of a cybercriminal gang that specialized in hospital and health…
Headline
Agencies recommend action to protect against LockBit ransomware variant
The FBI, Cybersecurity and Infrastructure Security Agency, and Multi-State Information Sharing & Analysis Center today provided actionable intelligence and…
Headline
Senate holds hearing on cyber risks to health care sector
The Senate Homeland Security and Governmental Affairs Committee today held a hearing examining cybersecurity risks to the health care sector. Witnesses…
Headline
Private-public partners release guide to implementing cybersecurity framework
The Health Sector Coordinating Council public-private partnership and Department of Health and Human Services today released a guide to help health care…
Headline
Agencies recommend action to protect networks from compromise
The Cybersecurity & Infrastructure Security Agency this week released recommendations to help health care and other critical infrastructure organizations…