The FBI and the Cybersecurity and Infrastructure Security Agency have issued a joint advisory saying hackers trying to exploit vulnerabilities in on-premises Microsoft Exchange Servers include nation-state actors and that the targeted organizations in this breach appear to match the entities that are being zeroed in by threat actors from China, Nextgov reported Thursday.
CISA and the bureau said local governments, nongovernmental organizations, academic institutions and businesses in various sectors, including defense, aerospace, pharmaceutical and power utilities, are being targeted by these cyber hackers.
“This targeting is consistent with previous targeting activity by Chinese cyber actors. Illicitly obtained business information, advanced technology, and research data may undermine business operations and research development of many U.S. companies and institutions,” the joint advisory reads.
The FBI and CISA warned that private companies and federal civilian agencies face “a serious risk” as threat actors exploit weaknesses in Microsoft Exchange in order to secure persistent access and control an enterprise network.
“FBI and CISA assess that adversaries will continue to exploit this vulnerability to compromise networks and steal information, encrypt data for ransom, or even execute a destructive attack. Adversaries may also sell access to compromised networks on the dark web,” the advisory states.
CISA issued an emergency directive requiring agencies to update their on-premises servers with security patches or disconnect the products. Microsoft released those security patches after it found that a state-sponsored threat actor from China, called Hafnium, was targeting defense contractors, policy think tanks, infectious disease researchers, law firms and other entities to steal data by compromising the servers.