Several cyber threats lurk on compromised systems, according to Microsoft



In the face of multiple hacking attempts on its corporate email servers around the world, Microsoft has reiterated the warning that patching a system does not necessarily remove the attacker’s access.

The major vulnerabilities in Microsoft’s business email servers have left cyber security experts at a loss, as this attack is now being exploited by a large number of criminal gangs, government-backed threat actors and opportunistic “script kiddies,” researchers at F-Secure said last week.

Although many on-premises Microsoft Exchange servers have been patched, new research has found that multiple threats still lurk on systems that have already been compromised.

According to the Microsoft 365 Defender Threat Intelligence Team, many of the compromised systems have not yet received any secondary action, “such as

“These actions could include follow-up attacks via persistence on Exchange servers that they have already compromised, or using credentials and data stolen during these attacks to compromise networks through other entry vectors,” the tech giant said in its latest update.

Taiwanese electronics and computer maker Acer has already been hit by a ransomware attack in which hackers are demanding $50 million, the largest known ransom to date.

According to Bleeping Computer, hackers accessed Acer documents containing financial tables, bank balances and bank communications and compromised their network through a Microsoft Exchange server vulnerability.

Previous reports alleged that five different groups of hackers (including the China-backed Hafnium group) were exploiting vulnerabilities in Microsoft’s business email servers.

According to Microsoft, attackers who included the exploit in their toolkits, be it by modifying public proof-of-concept exploits or doing their own research, used their window of opportunity to gain access to as many systems as possible.

“Some attackers were advanced enough to remove other attackers from their systems and use multiple persistence points to maintain access to a network,” the company noted.

Microsoft said it was important to note that “some post-compromise techniques allow attackers to gain highly privileged permanent access, but much of the subsequently effective attacker activity can be mitigated by practicing the principle of least privilege and mitigating lateral movement”.

According to the F-Secure report, Italy, Germany, France, the UK, the US, Belgium, Kuwait, Sweden, the Netherlands and Taiwan are currently the countries with the most detections (in descending order).


na / dpb

(Only the headline and image of this report may have been revised by Business Standard staff; the rest of the content is automatically generated from a syndicated feed.)

