"Hundreds of Thousands" of MS Exchange servers hacked!

US Issues Warning After Microsoft Says China Hacked Its Mail Server Program


Does MS Exchange support end to end encryption? I couldn’t really find an explicit answer with a quick web search.

MS has been trying to get legacy customers off of Exchange in favor of Office365 for at least 5 yrs now… (Looks back at former customer in my consultancy running Exchange '08 and '12…)

Devastating scope:

two cybersecurity experts who’ve briefed U.S. national security advisors on the attack told KrebsOnSecurity the Chinese hacking group thought to be responsible has seized control over “hundreds of thousands” of Microsoft Exchange Servers worldwide — with each victim system representing approximately one organization that uses Exchange to process email.

“It’s police departments, hospitals, tons of city and state governments and credit unions,” said one source who’s working closely with federal officials on the matter. “Just about everyone who’s running self-hosted Outlook Web Access and wasn’t patched as of a few days ago got hit with a zero-day attack.”

1 Like