2021 Microsoft Exchange Server data breach information
Series of cyberattacks exploiting Microsoft's email and calendar server
2021 Microsoft Exchange Server data breach
Date
5 January 2021 (exploit first reported)[1]
6 January 2021 (first breach observed)[1][2]
2 March 2021 (breach acknowledged)[3]
Location
Global
Type
Cyberattack, data breach
Cause
Microsoft Exchange Server zero-day vulnerabilities[4]
First reporter
Microsoft (public disclosure)[3]
Suspects
Hafnium,[5][6] and at least nine others.[7]
A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021[update], it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom,[8] as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).[9][10][11][12][13][14]
On 2 March 2021, Microsoft released updates for Microsoft Exchange Server 2010, 2013, 2016 and 2019 to patch the exploit; this does not retroactively undo damage or remove any backdoors installed by attackers. Small and medium businesses, local institutions, and local governments are known to be the primary victims of the attack, as they often have smaller budgets to secure against cyber threats and typically outsource IT services to local providers that do not have the expertise to deal with cyber attacks.[15]
On 12 March 2021, Microsoft announced the discovery of "a new family of ransomware" being deployed to servers initially infected, encrypting all files, making the server inoperable and demanding payment to reverse the damage.[16] On 22 March 2021, Microsoft announced that in 92% of Exchange servers the exploit has been either patched or mitigated.[17]
^ abCite error: The named reference Krebs was invoked but never defined (see the help page).
^Cite error: The named reference Greenberg-Wired was invoked but never defined (see the help page).
^ abCite error: The named reference Microsoft-CVE was invoked but never defined (see the help page).
^Cite error: The named reference :3 was invoked but never defined (see the help page).
^Cite error: The named reference BBC was invoked but never defined (see the help page).
^Cite error: The named reference Microsoft-HAFNIUM was invoked but never defined (see the help page).
^Cite error: The named reference :10 was invoked but never defined (see the help page).
^"Microsoft hack: 3,000 UK email servers remain unsecured". BBC News. 12 March 2021. Retrieved 12 March 2021.
^Murphy, Hannah (9 March 2021). "Microsoft hack escalates as criminal groups rush to exploit flaws". Financial Times. Retrieved 10 March 2021.
^O'Donnell, John (8 March 2021). "European banking regulator EBA targeted in Microsoft hacking". Reuters. Retrieved 10 March 2021.
^Duffy, Clare (10 March 2021). "Here's what we know so far about the massive Microsoft Exchange hack". CNN. Retrieved 10 March 2021.
^"Chile's bank regulator shares IOCs after Microsoft Exchange hack". BleepingComputer. Retrieved 17 March 2021.
^"Comisión para el Mercado Financiero sufrió vulneración de ciberseguridad: no se conoce su alcance". BioBioChile - La Red de Prensa Más Grande de Chile (in Spanish). 14 March 2021. Retrieved 17 March 2021.
^V, Vicente Vera. "CMF desestima "hasta ahora" el secuestro de datos tras sufrir ciberataque". Diario Financiero (in Spanish). Retrieved 17 March 2021.
^"America's small businesses face the brunt of China's Exchange server hacks". TechCrunch. 10 March 2021. Archived from the original on 17 March 2021. Retrieved 12 March 2021.
^Cite error: The named reference :8 was invoked but never defined (see the help page).
^"Microsoft: 92% of vulnerable Exchange servers are now patched, mitigated". www.msn.com. Retrieved 29 March 2021.
and 27 Related for: 2021 Microsoft Exchange Server data breach information
cyberattacks and databreaches began in January 2021 after four zero-day exploits were discovered in on-premises MicrosoftExchangeServers, giving attackers...
MicrosoftExchangeServer is a mail server and calendaring server developed by Microsoft. It runs exclusively on Windows Server operating systems. The...
The Shadow Brokers 2008 cyberattack on United States 2021 MicrosoftExchangeServerdatabreach Vulkan files leak Sanger, David E.; Perlroth, Nicole; Schmitt...
Possibly with Chinese associations, responsible for the 2021MicrosoftExchangeServerdatabreach. Hive was a notorious ransomware as a service (RaaS) criminal...
This is a list of reports about databreaches, using data compiled from various sources, including press reports, government news releases, and mainstream...
on Microsoft Windows, macOS, mobile devices, and on the web), enterprise products and services associated with these products such as ExchangeServer, SharePoint...
platform developed by Microsoft. It offers access, management, and the development of applications and services through global data centers. It also provides...
Microsoft Corporation is an American multinational corporation and technology company headquartered in Redmond, Washington. Microsoft's best-known software...
the programmer forum Experts-Exchange. In 2009, they started additional sites based on the Stack Overflow model: Server Fault for questions related to...
of perpetrating several cyberattacks, most notably the 2021MicrosoftExchangeServerdatabreach. While some attacks were for-profit ransomware incidents...
‘doubling’ every two hours Shadowserver (28 Mar 2021) Attackers Breach 21,000 MicrosoftExchangeServers, Install Malware Implicating Brian Krebs (krebsonsecurity...
infrastructure Electrical network Internet exchange point Internet hosting service Microsoft underwater data center Neher–McGrath method Network operations...
cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user's computer...
The 2018 SingHealth databreach was a databreach incident initiated by unidentified state actors, which happened between 27 June and 4 July 2018. During...
of perpetrating several cyberattacks, most notably the 2021MicrosoftExchangeServerdatabreach. In December 2009 and January 2010 a cyberattack, known...
that had an MD5 collision with a valid certificate issued by a Microsoft Terminal Server licensing certificate that used the broken MD5 hash algorithm...
Jersey-domiciled company specializing in cloud-based email management for MicrosoftExchange and Microsoft Office 365, including security, archiving, and continuity services...
originally featured a hybrid peer-to-peer and client–server system. It became entirely powered by Microsoft-operated supernodes in May 2012; in 2017, it changed...
encryption of private keys is done server side, which is unlikely to protect against government subpoena or a serious databreach.[citation needed] Users desiring...
Lithuanian VPN service provided by Nordsec Ltd with applications for Microsoft Windows, macOS, Linux, Android, iOS, Android TV, and tvOS. Manual setup...
Chinese state-sponsored actors for their involvement in the 2021MicrosoftExchangeServerdatabreach. In response, the Chinese Embassy in New Zealand lodged...
Global Information