So basically everything has been hacked at this point https://t.co/FUDS8h4jzN
— Brian Floyd (@BrianMFloyd) March 5, 2021
.@Mandiant Managed Defense observed multiple instances of abuse of Microsoft Exchange Server within at least one client environment.
— FireEye (@FireEye) March 5, 2021
So we built #threathunting campaigns to identify additional Exchange Server abuse.
Learn more: https://t.co/rahvOMiW5X pic.twitter.com/jDJxuZDF3N
We need to take a stronger stance against the CCP's hacking activity & human rights record https://t.co/Ae02dhjzMo
— jason@calacanis.com (@Jason) March 6, 2021
“The truth is, if you’re running Exchange and you haven’t patched this yet, there’s a very high chance that your organization is already compromised.” https://t.co/VwchX9H63j
— balajis.com (@balajis) March 7, 2021
"The initial avenue of attack was discovered by prominent Taiwanese cyber researcher Cheng-Da Tsai, WHO SAID HE REPORTED THE FLAW TO MICROSOFT IN JANUARY." https://t.co/9btRAuVg3p
— David Beard (@dabeard) March 6, 2021
Uhhhh what does this mean in practical terms and most importantly do they have my search history now https://t.co/iXrJ4nm39X
— Danny Gold (@DGisSERIOUS) March 6, 2021
Why would anyone be running their own Exchange server in 2021? https://t.co/f9kPaX53yw
— Gavin Baker (@GavinSBaker) March 6, 2021
Microsoft has released an updated script that scans email server log files for indicators of compromise associated with the vulnerabilities. You can learn more about this detection tool at https://t.co/Y688SGIxgA.
— FBI (@FBI) March 7, 2021
The detection principle is based on the NSE script provided by MS https://t.co/VUJu2f3OHg
— heige (@80vul) March 6, 2021
The fallout from the Microsoft Exchange Server vulnerabilities continues to grow.
— Eric Geller (@ericgeller) March 6, 2021
In the days before Microsoft patched the flaws, the Chinese hackers who had been quietly exploiting them abandoned stealth and started hunting for vulnerable systems worldwide. https://t.co/jQz6lsE7kk
"China just owned the world—or at least everyone with Outlook Web Access." https://t.co/zKjUZP7Zyk
— Felix Salmon (@felixsalmon) March 6, 2021
“the Chinese theft of email seemed stealthy and targeted......Then suddenly about a week ago, shortly before Microsoft issued its patch, the activity exploded.....It was, he said, almost as if they suspected a patch was forthcoming” https://t.co/cnK9kZOvb5
— Gordon Corera (@gordoncorera) March 6, 2021
A #China-linked hack on Microsoft email software has hit thousands of #US businesses, government offices and schools, people briefed on the matter said
— Indo-Pacific News - Watching the CCP-China Threat (@IndoPac_Info) March 6, 2021
Attack comes as many companies are racing to install a software fix https://t.co/dL6YAqRdgZ
I don't think people grasp the depth and breadth of Chinese info gathering. So when I see uninformed nonsense drivel from so called experts that blocking Huawei is similar to the Great Firewall, it is more than just bad work it is dangerous and wrong https://t.co/hwwN3Fu1JX
— 2022 Olympian Balding 大老板 (@BaldingsWorld) March 6, 2021
That sucks for a lot of IT and sysadmins out there this weekend, especially the ones that didn't patch (patching Exchange servers on patch Tuesday usually doesn't happen due to having to test the patches out first or roll out at a time of their choosing). Hits bigly. https://t.co/9p51pKvgbx
— Chris Humphries (@sogonsec) March 5, 2021
Not what you want to hear about a hack like this: “It just kept getting worse and worse.” https://t.co/3PiEkVgd8F
— o...k (@kateconger) March 7, 2021
Regarding recent exchange zero-days: FireEye says that based on their telemetry, they have identified "an array of affected victims including US-based retailers, local governments, a university, and an engineering firm" https://t.co/OTzf6loPjH pic.twitter.com/Hr8h0F9Nbt
— Catalin Cimpanu (@campuscodi) March 5, 2021
Blown away that some of the largest media outlets including NYT and WaPo still have nothing about this mass Exchange server hack on hundreds of thousands of organizations. Esp. now that govies are saying it's a giant mess domestically and worldwide. https://t.co/IdSboDUys9
— briankrebs (@briankrebs) March 6, 2021
All the details captured in our blog: https://t.co/My1ZZhqhsT
— Tanmay Ganacharya (@tanmayg) March 6, 2021
Important to remember that China doesn’t want all these targets. Like other recent incidents broad footholds will allow them to select victims that offer the intelligence or access they want most. https://t.co/3Koo09m9Nm
— John Hultquist (@JohnHultquist) March 6, 2021
Is it just me or is the webshell in the @FireEye report on #HAFNIUM https://t.co/AAwx5hyfuH almost identical to the TwoFace shell reported by @PaloAltoNtwks https://t.co/YeOl0uVTRi in 2017. pic.twitter.com/NeHAh5SHsN
— KevTheHermit (@KevTheHermit) March 6, 2021
America spends so much time worried about Huawei routers in other countries only to get massively hacked every month through Microsoft services https://t.co/ttzYVYvFzz
— Alex B (@somospostpc) March 6, 2021
Here is an official MS nmap script which identifies if your systems are vulnerable to Exchange vulns, regardless of the CU/SU situation. No authentication required.
— Kevin Beaumont (@GossiTheDog) March 6, 2021
InfoSec peeps, use it to find your systems and validate patching. https://t.co/tGXd9gWQeD
This piece by @nakashimae went up ~ 3 PM, a couple hours after your tweet, & attributed you: https://t.co/jVeRNCZU14 (I’d call you an independent investigative journalist, but whatever.)
— Alex Howard (@digiphile) March 6, 2021
WaPo reporting ~30,000 entities affected; are you seeing this is much more widespread? pic.twitter.com/Vy48ji5Psh
Some 30,000 US entities have been hacked through the four Exchange server vulns that Microsoft patched this wk - the vulns allow hackers to steal email from victims. Victims include "a significant number of small businesses, towns, cities and local govs" https://t.co/t9X6HI20r4
— Kim Zetter (@KimZetter) March 5, 2021
Confirming @briankrebs reporting that Chinese group Hafnium has now exploited Microsoft Exchange zero-days to hack tens of thousands of networks. One researcher says 30k servers in the US alone, hundreds of thousands globally. "China just owned the world." https://t.co/C1FkmBVLNI
— Andy Greenberg (@a_greenberg) March 6, 2021
There are plenty of smart people working in USG, industry, academia etc on cybersecurity. There is an entire cybersecurity ecosystem that’s been built over many years. But we keep getting pummeled. Something about the US approach is fundamentally broken. https://t.co/Jzknc3Zzxd
— Carrie Cordero (@carriecordero) March 7, 2021
Mitigations for Exchange vulnerabilities if you cannot at present patch https://t.co/aN489jcYex
— Kevin Beaumont (@GossiTheDog) March 5, 2021
Awful. I feel bad for sysadmins who are managing Microsoft Exchange Server email software right now. At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software https://t.co/tZPfLUcTCu
— nixCraft (@nixcraft) March 6, 2021
It’s not just the exploitation. It’s not just the webshells left behind. What did the adversaries take? Legitimate credentials are an excellent first objective for any adversaries seeking to survive the patch and webshell eradication. Investigate intrusions. https://t.co/cdsnENgctP
— Andrew Thompson (@anthomsec) March 6, 2021
NEW: Biden administration moving to address a global compromise by Chinese and other hackers of Microsoft email servers. It's looking at standing up an emergency group to address the issue, officials say. https://t.co/dnAoecia5z
— Ellen Nakashima (@nakashimae) March 6, 2021
This is bad. Like in: Really, really bad. https://t.co/NsZnY8HcxY
— Andreas Proschofsky (@suka_hiroaki) March 6, 2021
Chinese state hackers compromised 30,000 American email accounts. Now, the White House is figuring out how to respond.
— Alex (@Alex_at_ACHK) March 6, 2021
“The White House is looking at convening an emergency group of government agencies to address the issue” https://t.co/aiUi0JSJ7m
Estimates for the size of the Microsoft Exchange hack have varied widely among experts and people probing the attack. Multiple people said more than 100,000 servers worldwide are likely victimized, and some said it eclipsed 250,000. https://t.co/AFlO0763Go
— Dustin Volz (@dnvolz) March 6, 2021
We're not anywhere near being able to judge yet how bad either incident really is. Much depends on whether this adversary is OK w/ being even bolder, & using their backdoors to get deeper into victim networks. They were in a hurry to pwn all these servers, why not sweep the leg? https://t.co/ByKeGFp0C9
— briankrebs (@briankrebs) March 6, 2021
Meanwhile, back at infosec, everyone who runs an Exchange server is having a very bad day: https://t.co/xYAWouHpiw
— Eva (@evacide) March 6, 2021
At least 30,000 Microsoft customers’ data have been compromised in an aggressive hacking campaign that the company said was likely sponsored by China.
— The New York Times (@nytimes) March 6, 2021
The attack is already believed to be bigger than the December intrusion by Russian hackers. https://t.co/AkFmpdD2l2
Whole thread here has logic of which you should be aware. https://t.co/SrKkCjNVGn
— Horkos @ the Centre for Unilateral Analysis (@WylieNewmark) March 6, 2021
US officials are scrambling to assess the fallout from vulnerabilities in widely used Microsoft software.
— Jeff Stone (@jeffstone500) March 6, 2021
"Obviously this is a big F’ing deal," as one told @snlyngaas. https://t.co/XGwRG3v4w3
Well, this sounds pretty bad. https://t.co/Ekn9lVSiCV
— Dan Linden (@DanLinden) March 5, 2021
Microsoft previously blogged our strong recommendation that customers upgrade their on-premises Exchange environments to the latest supported version. | https://t.co/tm2Ur1vkSv
— 780th Military Intelligence Brigade (Cyber) (@780thC) March 7, 2021
“Some local officials I have talked to don’t have the IT support to check or aren’t sure what to do if they find activity,” @mastersonmv said. “They need to seek state, federal or private-sector assistance as soon as possible.” https://t.co/aiESaZ9urv
— Sean Lyngaas (@snlyngaas) March 6, 2021
Working in cybersecurity this past year https://t.co/dxGmGEJaCB pic.twitter.com/sFCFJQsBvc
— MalwareTech (@MalwareTechBlog) March 5, 2021
The loud sucking sound you hear is the inertia of thousands of companies beginning to migrate their on-prem email to cloud-hosted SAAS solutions https://t.co/YNnAZvhE62
— One Matt among many (@0xMatt) March 6, 2021
This is a crazy huge hack. The numbers I've heard dwarf what's reported here & by my brother from another mother (@briankrebs). Why, though? Is this a flex in the early days of the Biden admin to test their resolve? Is it an out of control cybercrime gang? Contractors gone wild? pic.twitter.com/cA4lkS4stg
— Chris Krebs (@C_C_Krebs) March 6, 2021
New blog alert by @anthomsec, @_bromiley, and co. on the Microsoft Exchange Zero-Days. Details on web shells seen, investigation tips, and IOCs with Last Known True timestamps. https://t.co/mWy0p5ai8G
— iamshley.a (@iamshley_a) March 5, 2021
Earlier this week, @Microsoft shared #zeroday vulnerabilities used to attack on-prem versions of Microsoft Exchange Server.
— Mandiant (@Mandiant) March 5, 2021
Managed Defense found multiple instances of abuse in at least one client environment starting in Jan. 2021.
▶️ Get the details: https://t.co/enOkTRzTPp pic.twitter.com/gk2s7Oh2PQ
People reported false negatives against 2013. It's now fixed: https://t.co/IknjN4vRkL
— Justin Hendricks (@Script_Happens) March 7, 2021
A cyberattack on Microsoft's Exchange email software is believed to have infected tens of thousands of businesses, government offices and schools in the U.S. https://t.co/PxLd9Wslhk
— WSJ Tech (@WSJTech) March 6, 2021
I wonder what password the intern used this time. https://t.co/C9x2q8oQ6k
— Stephanie Carvin (@StephanieCarvin) March 6, 2021
This is why you should never send sensitive info via email. Attach files using Dropbox or Drive and remove when they've been received. https://t.co/lrgJ9yXC1s
— Artem Russakovskii (@ArtemR) March 5, 2021
The Biden administration is increasingly sounding the alarm over a series of newly discovered cyber intrusions that Microsoft said this week were linked to China https://t.co/W0iu8Ij2H4 ... w/ @b_fung @MarquardtA
— Geneva Sands (@Geneva_Sands) March 6, 2021
YOU get a backdoor!
— Jameson Lopp (@lopp) March 5, 2021
And YOU get a backdoor!
And YOU get a backdoor! https://t.co/e1l5mvNuTt
In case you’re an Outlook company and still haven’t caught wind of this https://t.co/xcfa1yVpHU
— ʝօɦռռʏ Ӽʍǟֆ, PhADHD (@J0hnnyXm4s) March 6, 2021
Scripts such as the one from Kevin Beaumont [https://t.co/VCQMD3PHtO] identify vulnerable servers rather than compromised ones. To determine if a server is compromised, additional forensic analysis is needed. -Katie Nickels #RCintel (3/3)
— Red Canary (@redcanary) March 6, 2021
The potential scale of this hack is hard to overstate, with estimates of global victims into the hundreds of thousands. CISA held a call Friday with more than 4,000 critical infrastructure partners and state/local governments urging immediate patching. https://t.co/AFlO0763Go
— Dustin Volz (@dnvolz) March 6, 2021
#Update: Microsoft's script scans email server log files for indicators of compromise, but doesn't remediate compromised servers. Contact your local FBI office if your org. detects compromise. More about the detection tool here: https://t.co/hUcWpt2Q1b https://t.co/ytpOvPgIgk pic.twitter.com/OVyvYGVi0r
— FBI Denver (@FBIDenver) March 7, 2021
Another large cyberhack linked to China and our response is zip. Why? https://t.co/TtTELWRbNS
— Andrew Malcolm (@AHMalcolm) March 6, 2021
Experts interviewed described the cleanup effort required from this attack as "urgent," "unprecedented" and "Herculean." From the list of victims I've seen so far, the scope of this attack is fairly staggering. pic.twitter.com/P0ellVa9PR
— briankrebs (@briankrebs) March 5, 2021
...and not all by APTs
— Catalin Cimpanu (@campuscodi) March 5, 2021
Don't flatter yourself. Your small flower shop is getting raided by ransomware gangs, not APT41 & friends https://t.co/BBCt1Gjy5s
Frustrating to see the @WashingtonPost put reporting on the China-linked compromise of @microsoft email servers on A19. https://t.co/jVeRNCZU14 National security stories should be front-page news on Sunday; placement does drive both action & priorities in Congress & @WhiteHouse pic.twitter.com/o2pvBdwM1G
— Alex Howard (@digiphile) March 7, 2021
Thoughts on the Hafnium Exchange hack: (1) it's going to disproportionately impact those that can least afford it (SMBs, Edu, States, locals), (2) incident response teams are BURNED OUT & this is at a really bad time, (3) few orgs should be running exchange servers these days. https://t.co/bc5yutThve
— Chris Krebs (@C_C_Krebs) March 6, 2021
Observed volume of copycat attacks is growing. Microsoft's strong recommendation is to patch patch patch... https://t.co/Qm97L2n99t
— Nıŋʝąƈąɬ (@RavivTamir) March 6, 2021
“Many of those victims of the attack, which Microsoft has said was carried out by a network of suspected Chinese hackers, appear to be small businesses and state & local governments...Tens of thousands of customers appear to have been affected...” https://t.co/Ls6ziI0BoD
— Margaret Brennan (@margbrennan) March 6, 2021
Wild — @briankrebs had reported tens of thousands of victim orgs. Are we talking orders of magnitude bigger than what’s been reported? https://t.co/Um7QFBygCO
— Brian Fung (@b_fung) March 6, 2021
Sources who've briefed U.S. national security advisors say >30K U.S. organizations hacked by newly-found holes in Microsoft's Exchange email products, and that 100s of thousands of victim organizations worldwide now have web-based backdoors installed. https://t.co/IdSboDUys9
— briankrebs (@briankrebs) March 5, 2021
“Obviously this is a big F’ing deal,” a state official tells @snlyngaas about the exploitation of Microsoft Exchange Server by Chinese hackers. https://t.co/FP890LPZvQ
— Benjamin Freed (@brfreed) March 6, 2021
New ---> Federal officials scramble to assess widening Microsoft Exchange Server fallout https://t.co/aiESaZ9urv
— Sean Lyngaas (@snlyngaas) March 6, 2021
“Officials @DHSgov @CISAgov held phone briefings w/ state & local officials Friday & Saturday to assess the scope of the #Compromises & @WHNSC urged #Vulnerable #Organizations to ‘take immediate measures’ to determine if they were affected.” https://t.co/rYPKGhn8PB @snlyngaas
— Christina Ayiotis (@christinayiotis) March 6, 2021
[Alert] (2/2)
— 内閣サイバー(注意・警戒情報) (@nisc_forecast) March 7, 2021
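Users and administrators of the affected products can find information at the links below. Please consider countermeasures as soon as possible.
Microsoft Multiple Security Updates (updated March 5, US time) https://t.co/K7TTi1YhS6
Microsoft Vulnerabilities Mitigations (updated March 6, US time) https://t.co/EM6CLkttOm
The security patches for the Exchange vulnerabilities with confirmed zero-day attacks, which we released out-of-band the other day. We strongly, strongly recommend applying them as soon as possible. For environments where patching will take time, we have additionally published mitigations that can be used as an interim measure. Please be sure to check these as well. https://t.co/EssfNjwlvY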
— Yurika (@EurekaBerry) March 6, 2021
Providing alternative mitigation techniques to help Microsoft Exchange customers needing more time to patch deployments & are willing to make risk & service function trade-offs. These mitigations are not remediation & aren't full protection against attack. https://t.co/n6GD7vjMXD
— Security Response (@msftsecresponse) March 5, 2021
https://t.co/PvXMhTIbVQ #MSExchange #onpremises #infosec
— Scott Schnoll (@schnoll) March 5, 2021
Keep updating your servers, but read this article for some mitigations.
"Interim mitigations if you are unable to patch Exchange Server 2013, 2016, and 2019" by @msftsecurity https://t.co/hpXvboEvAr
— CIRCL (@circl_lu) March 6, 2021
Patching and reviewing the security of your Exchange servers is critical, as many have already been compromised in the wild.
Suggested mitigations for Exchange recent vulns just in case you cannot patch as fast as you'd like (big Orgs are often "complex" and slow): https://t.co/nNnJdHqmsF
— ☠ Román Medina-Heigl Hernández (@roman_soft) March 6, 2021
For those who can’t patch the #ProxyLogon Exchange vulnerabilities immediately - here are some interim mitigations to prevent additional compromise. https://t.co/EXx97K6dkS pic.twitter.com/QGyPTcEXZI
— Christopher Glyer (@cglyer) March 5, 2021
Chinese Hacking Spree Hit ‘Astronomical’ Number of Victims #China just “owned the world-or at least everyone w Microsoft Outlook Web Access. When was the last time someone was so bold to just hit everyone?" #Cyber #Cybersecurity #CyberAttack #Hafnium https://t.co/XbzK04PeWj
— Andrew Patterson (@TxPatt) March 6, 2021
This will probably overshadow the SolarWinds supply-chain attack... The number of possible victims is 'astronomical' https://t.co/fYu7AljX4s
— Paolo Passeri (@paulsparrows) March 6, 2021
Federal officials scramble to assess widening Microsoft Exchange Server fallout https://t.co/XdJw1QAUFR
— Patrick C Miller (@PatrickCMiller) March 8, 2021
Federal officials scramble to assess widening Microsoft Exchange Server fallout https://t.co/pKveKjO3Ai
— Stéphane Duguin (@DuguinStephane) March 6, 2021
Microsoft Exchange Server Vulnerabilities Mitigations – updated March 6, 2021 – Microsoft Security Response Center https://t.co/9Ur1a6ekKB
— Ann Johnson (@ajohnsocyber) March 7, 2021
Use the #Microsoft Support Emergency Response Tool (MSERT) to scan #MSExchange Server, detect and remediate the latest threats known to abuse the vulnerabilities disclosed on March 2, 2021.
— Lukas Sassl (MSFT) (@JohnDoe_1987_) March 7, 2021
More information: https://t.co/7hUrGsUNpx #Infosec
So what are we going to do about it? Bluster some more? Slap some wrists? Communist China is a police state. It can stop this if it wants to. America has to make it want to.
— J Michael Waller (@JMichaelWaller) March 7, 2021
This, the OPM hack, and so much else plus the pandemic. Reparations now. https://t.co/77hizPS7VF
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims | WIRED https://t.co/fnlJdPKrzN
— candacemariecooper (@candies2639) March 8, 2021
Chinese Hacking Spree Hit an ‘Astronomical’ Number of Victims: A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught – Wired https://t.co/3gIqrUJ92e
— Sense Hofstede (@sehof) March 6, 2021
Lately, hackers are attacking us at our digital choke-points! #Solarwinds and now this.
— Sarbjeet Johal (@sarbjeetjohal) March 7, 2021
A single group appears to have infiltrated tens of thousands of Microsoft Exchange servers in an ongoing onslaught. @Craw @dvellante @BillMew @sallyeaves https://t.co/vOUJb61VDl via @wired