A single state-sponsored threat group, according to Microsoft, has been using the new Exchange Server zero-day vulnerabilities in highly targeted attacks. Microsoft has been looking into the attacks that exploit these vulnerabilities.
The tech giant estimates, with medium confidence, that a single threat actor has taken advantage of the Exchange zero-days identified as CVE-2022-41040 and CVE-2022-41082. The company is aware of attacks against fewer than 10 organizations worldwide. The vendor was informed of the vulnerabilities and their exploitation through the Zero Day Initiative (ZDI) by the Vietnamese cybersecurity company GTSC, which said it had observed an attack aimed at critical infrastructure.
The security company believes a Chinese threat group was behind the attack. Microsoft noted that although the attackers chained CVE-2022-41040 and CVE-2022-41082, each vulnerability can also be exploited on its own.