
                        Public Service Announcement – 100,000s of Worldwide Organizations Hacked Using Microsoft Exchange Email Server 0-Day Exploits

                        Written by Paul Robertson


Hundreds of thousands of organizations worldwide have been newly hacked through holes in Microsoft’s email software, per a Krebs on Security article posted March 5, 2021.

                        “At least 30,000 organizations across the United States — including a significant number of small businesses, towns, cities and local governments — have over the past few days been hacked by an unusually aggressive Chinese cyber espionage unit that’s focused on stealing email from victim organizations, multiple sources tell KrebsOnSecurity. The espionage group is exploiting four newly-discovered flaws in Microsoft Exchange Server email software, and has seeded 100,000s of victim organizations worldwide with tools that give the attackers total, remote control over affected systems.”

                        "This is the real deal," tweeted Christopher Krebs, the former Cybersecurity and Infrastructure Security Agency (CISA) director. "If your organization runs an [Outlook Web Access] OWA server exposed to the internet, assume compromise between 02/26-03/03."

                        Current Situation – What We Know

                        Per a Microsoft Blog Post dated 3/2/21 and updated 3/4/21 and 3/5/21:

                        “Microsoft has detected multiple 0-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks. In the attacks observed, the threat actor used these vulnerabilities to access on-premises Exchange servers which enabled access to email accounts, and allowed installation of additional malware to facilitate long-term access to victim environments. Microsoft Threat Intelligence Center (MSTIC) attributes this campaign with high confidence to HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures.”

                        “The vulnerabilities recently being exploited were CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065, all of which were addressed in today’s Microsoft Security Response Center (MSRC) release – Multiple Security Updates Released for Exchange Server. We strongly urge customers to update on-premises systems immediately. Exchange Online is not affected.”

                        Next Steps – What to Do Now

                        To aid organizations in investigating these attacks, we are sharing the following resources.

                        1. Immediately install the security patch.

Microsoft recommends installing the necessary security patch per Microsoft Security Response Center guidance here. Patching is the only complete mitigation and has no impact on functionality. This Exchange Team Blog post has details on how to install the security update. Note that patching will not evict an adversary who has already compromised a server.

                        2. If unable to patch, find interim mitigations.

Patching is by far the best method to avoid compromise from this 0-day vulnerability; for that reason, Mission Secure strongly encourages taking this route. However, if patching Exchange Server 2013, 2016, or 2019 is absolutely not possible, find interim mitigations per the Microsoft Security Response Center guidance here.

                        3. Search for indicators of compromise.

                        Immediately copy all Microsoft Exchange Server logs offline. The Microsoft Exchange Server team released a script for checking HAFNIUM indicators of compromise (IOCs). See Scan Exchange log files for indicators of compromise.

                        4. Educate employees to increase vigilance.

Employee awareness of this situation is a critical step in improving your organization’s security posture. Notify employees of the current situation and ask them to be extra vigilant and suspicious of all email communications, even those from people they know. This is especially important for those who might be deemed “high value” targets, such as finance, helpdesk, engineering, executives, and those in high value or critical roles.

                        5. Notify your corporate ecosystem.

Notify your business ecosystem, including customers, partners, vendors, and service providers, of this situation. Please share this Mission Secure Blog Post so they too are aware and taking steps to mitigate the risks.
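As an added illustration of step 3 above (not Microsoft's IOC script and not Mission Secure's code), the following Python preserves a copy of the server logs with a SHA-256 manifest and then searches the copy field by field. The log directory, the sample log lines and the indicator patterns are constructed placeholders; the real indicators should come from the script Microsoft released.

```python
"""Preserve Exchange server logs offline with a SHA-256 manifest, then search the
copy field by field for indicators.  Added illustration, not Microsoft's script."""
import hashlib
import re
import shutil
from pathlib import Path

# Assumed indicator set (W3C field name -> regex).  Placeholders only: take the
# real indicators from the vendor-released script, not from here.
INDICATORS = {
    "cs-uri-stem": re.compile(r"constructed-indicator\.aspx$", re.I),
    "cs(User-Agent)": re.compile(r"^CONSTRUCTED-SUSPICIOUS-UA", re.I),
}

def preserve_logs(src_dir: Path, evidence_dir: Path) -> dict:
    """Copy every *.log under src_dir into evidence_dir (source left untouched)
    and return {relative_path: sha256} so later analysis can be verified."""
    manifest = {}
    for src in sorted(src_dir.rglob("*.log")):
        rel = src.relative_to(src_dir).as_posix()
        dst = evidence_dir / rel
        dst.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(src, dst)  # keeps mtime, useful for the timeline
        manifest[rel] = hashlib.sha256(dst.read_bytes()).hexdigest()
    (evidence_dir / "MANIFEST.sha256").write_text(
        "".join(f"{h}  {p}\n" for p, h in manifest.items()))
    return manifest

def scan_w3c_log(text: str) -> list:
    """Parse IIS W3C lines via the '#Fields:' header; return (line_no, field,
    client_ip, value) for each record whose field matches an indicator."""
    fields, hits = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names for the records that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        rec = dict(zip(fields, line.split()))
        for field, rx in INDICATORS.items():
            if field in rec and rx.search(rec[field]):
                hits.append((line_no, field, rec.get("c-ip"), rec[field]))
    return hits

# Constructed sample log in IIS W3C format (placeholder values, not real IOCs).
SAMPLE_LOG = """#Fields: date time c-ip cs-method cs-uri-stem cs(User-Agent) sc-status
2021-03-01 10:00:00 10.0.0.5 GET /owa/ Mozilla/5.0 200
2021-03-01 10:00:07 203.0.113.9 POST /owa/constructed-indicator.aspx CONSTRUCTED-SUSPICIOUS-UA/1.0 200
2021-03-01 10:01:00 10.0.0.7 GET /ecp/ Mozilla/5.0 200
"""
```

Run `preserve_logs` against the Exchange and IIS log directories first and analyze only the preserved copy, so the originals and their hashes remain available for the investigation.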

                        Revisit this Blog Post for updates in the coming days.
