Multiple government-backed hacking groups are exploiting a vulnerability in Microsoft Exchange mail servers that Microsoft patched last month. The exploitation attempts were first observed by British cyber-security company Volexity and were confirmed to ZDNet by a Ministry of Defense source.
Volexity declined to name the hacking groups exploiting the vulnerability (CVE-2020-0688) in Microsoft Exchange. The Ministry of Defense source described them as including all the major players, but refused to name the groups or countries.
Microsoft issued a fix for the bug on February 11, warned system administrators about it, and urged them to install the patch as soon as possible, as it expected future attacks. Matters escalated at the end of the month when the Zero Day Initiative, which had reported the bug to Microsoft, published a technical report explaining in detail the bug and how it works.
The report served as a roadmap for security researchers, who used the information in it to test their own servers. As in many other cases before, once the technical details became public, hackers also began to pay attention.
Hackers began scanning the Internet for Microsoft Exchange servers on February 26, a day after the Zero Day Initiative report was published, in order to compile lists of unpatched servers that could be targeted at a later time.
According to Volexity, the Internet scans for Microsoft Exchange servers have turned into actual attacks by APTs, or advanced persistent threats, a term often used to describe state-sponsored hacking groups. Other groups are also likely to follow suit.
It is worth noting that exploiting the vulnerability (CVE-2020-0688) in Microsoft Exchange is not easy: hackers need the credentials of an email account on the server, and they must first log in and then run malicious programs that hijack the victim’s email server.