Microsoft Exchange Server Hack: What Do You Need to Know?

Microsoft exchange hack

“Firms and government agencies in the United States who use a Microsoft email exchange server may have been jeopardized in an aggressive hacking campaign that was sponsored by the Chinese government”, Microsoft said.

Why did this happen? How did this happen? What should you do next? Continuing reading for answers to all of these questions about the Microsoft Exchange Hack:


The number of sufferers is anticipated to be in the tens of thousands and may continue to rise, some security experts believe, since the investigation into the violation continues. The hackers had stealthily attacked several targets in January, according to Volexity, the cybersecurity firm that found the hack, but escalated their attempts in recent weeks since Microsoft moved to repair the vulnerabilities exploited in the assault.

The U.S. government’s cybersecurity agency issued a crisis warning on Wednesday amid worries that the hacking effort had affected a high number of targets. On Friday, the cybersecurity reporter Brian Krebs reported that the assault had struck at least 30,000 Microsoft clients.

Four zero-day vulnerabilities in Microsoft Exchange Server are being actively manipulated by a state-sponsored threat group from China and seem to have been adopted by other cyber attackers in widespread attacks.

While in no way is it thought to be connected to the SolarWinds supply chain attack that has impacted an estimated 18,000 organizations globally — up to now — there’s concern that loopholes in patching vulnerable servers could have a similar impact, or worse, even on companies.

Asked if China was responsible for the hack, Wang Wenbin, a spokesman for China’s Ministry of Foreign Affairs, stated: “China has reiterated on several occasions that given the virtual character of cyberspace, tracing the source of cyberattacks is a complex technical matter. It is also an extremely sensitive political issue to pin the label of a cyberattack to a specific government.”


In the hack that Microsoft has imputed to the Chinese, there are estimates that 30,000 or so clients were impacted when the hackers exploited holes in Exchange, a calendar and mail server created by Microsoft. Those systems are used by a broad range of customers, from small businesses to local and state governments and some military contractors. The hackers could steal emails and set up malware to keep surveillance of those impacted.

Microsoft said the Exchange vulnerabilities are being targeted by a previously unidentified Chinese hacking crew it called “Hafnium,” and said the team was running targeted attacks on email systems used by a range of industry sectors, such as infectious disease investigators, law firms, higher education associations, defense contractors, policy think tanks, and NGOs.

In the three times since then, safety experts say the identical Chinese cyber-espionage group has radically stepped up strikes on any exposed, unpatched Exchange servers globally.

In each episode, the intruders have left behind a”net shell,” an easy-to-use, password-protected hacking tool that may be retrieved on the internet from almost any browser. The web shell gives the attackers administrative access to the victim’s computer servers.

Speaking on condition of anonymity, two cybersecurity experts who’ve briefed U.S. national security advisors on the assault told KrebsOnSecurity the Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide — with each victim system representing roughly one organization that uses Exchange to process email.


“The best security would be to apply updates as soon as possible across all impacted systems,” a Microsoft spokesperson said in a written statement. “We continue to help clients by giving further investigation and mitigation advice. Impacted customers should contact our service teams for additional help and resources.”

Meanwhile, CISA has issued a crisis directive ordering all federal civilian departments and agencies running vulnerable Microsoft Exchange servers to update the software or detach the products out of their networks.

Microsoft has urged IT administrators and clients to apply the safety fixes immediately. But just because fixes are implemented now, this doesn’t mean that servers haven’t already been back-doored or compromised.


While we are always here to give you helpful tips and suggestions, your best bet is to implement a safe and secure fortification around yourself if you run your own business (even if it’s just you at home). Our team here at Charlotte IT Solutions can help with that. No matter how large or small your business is, we will tailor-curate a network security system just for you. All you need to do is send us an email or give us a call to get started. We’ll take it from there.