Microsoft warned of the vulnerability last Tuesday and issued corrections. In the Netherlands, this warning was distributed by the National Cybersecurity Center (NCSC) of the Ministry of Justice and Security on Friday. According to the center, the pit is also actively used in the Netherlands. It is imperative to check if the error is exploited. Microsoft has made PowerShell scripts available for this.
Make victims very quickly
Since the international warning, the hackers are said to have stepped up their attacks to kill as many victims as possible as quickly as possible. They have also installed proprietary software that allows them to regain access to affected systems later.
The attack is attributed to a new pirate group called Hafnium. The group is said to have links with the Chinese authorities. The attacks will mainly target scientific institutions, defense companies, think tanks, and NGOs.
Krebs adds a caveat that ransomware packages also potentially take advantage of vulnerabilities due to the relative ease with which they can be exploited. Some of the compromised Exchange servers also appear to contain bits of a crypromining program called DLTminer, says the IT security guard. Red canary On Twitter.
Devoted music ninja. Zombie practitioner. Pop culture aficionado. Webaholic. Communicator. Internet nerd. Certified alcohol maven. Tv buff.