Multiple attack groups are exploiting critical Microsoft Exchange Server vulnerabilities patched last week, and this activity began before the company released emergency fixes on March 2.
Security firms including FireEye and Red Canary are currently tracking the exploit activity in clusters and expect the number of clusters to grow over time. Researchers at ESET have detected around ten APT groups using the critical vulnerabilities to target Exchange servers.
When Microsoft released patches for the zero-day Exchange vulnerabilities, it attributed the activity to a Chinese state-sponsored group named Hafnium. But now, as researchers observe web shells arising from suspected Exchange exploitation, they believe far more groups are behind the growth in attack activity.
To Read More: DarkReading