Hundreds of thousands of organizations worldwide running Microsoft Exchange email servers have been hacked and infected en masse. Each hacked server was fitted with a web shell backdoor that gives the bad guys total remote control, the ability to read all emails, and easy access to the victim’s other computers.
Security experts around the world are now trying to warn and assist these victims before malicious hackers launch what many are calling, with a mixture of fear and anticipation, “Phase 2,” when the bad guys revisit all those hacked servers and populate them with ransomware or other additional hacking tools to penetrate victims’ networks even deeper.
There are currently around 63,000 Exchange servers in Germany with Outlook Web Access openly accessible from the Internet. Of these, at least 26,000 are vulnerable to the current critical vulnerabilities (CVE-2021-26855 and related CVEs), potentially up to 58,000 systems (source: CERT-Bund).
To prevent further infections, we will, where necessary, scan your infrastructure to determine whether it is already infected. Please also note that applying the patches provided by Microsoft closes the vulnerability but is not sufficient to clean a system that is already infected.
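The following PowerShell script is an added example of the kind of check an administrator can run locally on an Exchange server to look for web shell files left behind by this campaign. It is not DGC's scanning service and not a Microsoft tool; the directory list, the cut-off date and the string heuristics are assumptions for illustration and should be adjusted to the environment. It only reports candidate files; it does not delete anything, so evidence is preserved for forensic review.

```powershell
# Added example: web shell hunt on a Microsoft Exchange server after the
# CVE-2021-26855 campaign. Not DGC's scanning service and not a Microsoft tool;
# the directories, cut-off date and heuristics below are assumptions for illustration.
# Run in an elevated PowerShell session on the Exchange server itself.

param(
    [string]$ExchangeRoot = $env:ExchangeInstallPath,      # set by Exchange setup
    [datetime]$Since      = (Get-Date '2021-02-26'),       # assumed start of the campaign; adjust
    [string]$ReportPath   = "$env:TEMP\exchange-webshell-hunt.csv"
)

if (-not $ExchangeRoot) {
    throw 'ExchangeInstallPath is not set; pass -ExchangeRoot <path to the Exchange installation>.'
}

# Web-reachable folders where dropped .aspx files would be served by IIS (assumed list).
$webRoots = @(
    (Join-Path $ExchangeRoot 'FrontEnd\HttpProxy\owa\auth'),
    (Join-Path $ExchangeRoot 'FrontEnd\HttpProxy\ecp\auth'),
    (Join-Path $ExchangeRoot 'ClientAccess\OAB'),
    'C:\inetpub\wwwroot\aspnet_client'
) | Where-Object { Test-Path $_ }

# Code constructs common to ASP.NET web shells; any hit is a candidate for manual review,
# not proof of compromise.
$shellPatterns = @(
    'Request\.Item\[',               # one-line shells read their command from a request field
    'Request\.Form\[',
    'eval\s*\(',
    'System\.Diagnostics\.Process',  # shells that spawn cmd.exe / powershell.exe
    'unsafe',
    'JScript'
)

$findings = foreach ($root in $webRoots) {
    Get-ChildItem -Path $root -Recurse -File -Include *.aspx, *.ashx, *.asmx -ErrorAction SilentlyContinue |
        ForEach-Object {
            $file = $_
            # Which of the heuristic patterns occur in this file (unique pattern names only)
            $hits = Select-String -Path $file.FullName -Pattern $shellPatterns -ErrorAction SilentlyContinue |
                    Select-Object -ExpandProperty Pattern -Unique
            $recent = $file.LastWriteTimeUtc -ge $Since
            # Report a file if it changed after the cut-off OR contains shell-like code.
            if ($recent -or $hits) {
                [pscustomobject]@{
                    Path          = $file.FullName
                    LastWriteUtc  = $file.LastWriteTimeUtc
                    CreatedUtc    = $file.CreationTimeUtc
                    SizeBytes     = $file.Length
                    Sha256        = (Get-FileHash -Path $file.FullName -Algorithm SHA256).Hash
                    MatchedTokens = ($hits -join ';')
                    RecentChange  = $recent
                }
            }
        }
}

if ($findings) {
    $findings | Sort-Object LastWriteUtc -Descending | Format-Table -AutoSize
    $findings | Export-Csv -Path $ReportPath -NoTypeInformation
    Write-Warning "Candidate files: $($findings.Count). Report written to $ReportPath. Preserve them as evidence; do not delete before forensic review."
} else {
    Write-Host "No candidate web shell files found under: $($webRoots -join ', ')"
}
```

A file that is both recently written and matches one of the tokens deserves immediate attention; legitimate Exchange pages such as the logon page live in the same folders, so compare hashes against a known-good installation before acting. This file-level check complements, and does not replace, a review of the IIS and HttpProxy logs and Microsoft's own published detection scripts for this vulnerability.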
Furthermore, we would like to point out that this security vulnerability may result in a data leak, which must be reported to your data protection authority (for more information, see the links below).
Your DGC Team
If your organization does NOT run an Exchange server, you can return to your normal daily activities as this advisory does not apply to you.
If your organization does run an Exchange server, we strongly recommend that you immediately save an offline backup of your email and check the website for more information on patches and remediation.