3/10/21
By: John Ghose
State-sponsored hackers have accessed the Microsoft email environments of an estimated 30,000 U.S. organizations – including many small and medium-sized companies, universities, and government agencies. This hack is nearly twice the size of the recent SolarWinds hack, and immediate action is needed to determine if your organization has been compromised. Below we explain how to assess whether your organization has been affected, and what to do if your data has been compromised.
On Wednesday, March 3, 2021, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) issued an emergency directive to businesses and organizations running Microsoft Exchange on-premises products. The emergency directive was prompted by a blog post published by Microsoft a day earlier that described successful efforts by a Chinese state-sponsored hacking group to exploit previously unknown “zero-day” vulnerabilities in its MS Exchange product. Volexity, the security firm that first discovered the zero-day vulnerabilities, said in this article that hackers have been using these vulnerabilities to access victims’ email environments as far back as January 6, 2021.
According to guidance from Microsoft and CISA, if your organization uses MS Exchange on-premises (not cloud) servers, you should take the following steps immediately:
If you need help with any of these steps, FMG’s Data Protection, Privacy, and Technology practice section is available and already advising several clients who have been affected by this breach. In addition, we are partnering with Tracepoint, a leading cyber incident response firm, to provide clients with a zero-cost initial consultation to help them determine what actions are needed because of this hack. Please contact co-chairs David Cole and John Ghose for further information.