Microsoft issued a press statement yesterday saying that simply patching its Exchange Servers will not remove an attacker's access from systems that have already been compromised.
So the cyber threat still exists on patched systems and can be exploited by hackers soon, according to research conducted by F-Secure.
Supporting this newly discovered theory is research carried out by the Microsoft 365 Defender Threat Intelligence Team, which released a report stating that human-operated ransomware attacks or data exfiltration cannot be reversed just by fixing the vulnerability on the Exchange server.
Therefore, hackers can launch follow-on attacks on Exchange Servers that are already compromised, steal data, and compromise systems, creating other entry points for future exploitation.
Acer, a company that manufactures laptops and other computing devices in Taiwan, has become a victim of one such attack, in which critical information such as bank communication, bank balance, and financial data related to employees was compromised in the network attack.
The Satya Nadella-led company says that the attack was launched by the Hades ransomware gang, which operates for Hafnium, a state-sponsored cyber threat funded by Chinese intelligence.
What’s interesting about the attack is that those spreading Hades exhibit several characteristics mimicking other ransomware gangs, either to divert the focus of investigators or to conceal their actual identity.
The Awake Security Division of Arista Networks confirmed the news and claims that it has enough evidence that Hades has links to the Chinese hacking group Hafnium.
Note: As per F-Secure, the countries that have been most affected in the Microsoft Exchange Server hack are Italy, Germany, France, UK, US, Belgium, Kuwait, Sweden and the Netherlands, along with Taiwan.