With the fear that hackers will attack based on the Zero-day vulnerability of Exchange Server, GTSC will provide free support for users to evaluate the Exchange Server system to determine whether or not has been compromised, has been infected with malicious code and direction. guide to overcome.
On March 2, 2021, Microsoft announced campaigns to attack customers’ servers using Exchange Server through unprecedented security holes (zero-day vulnerabilities), which were later named. are CVE-2021-26855, CVE-2021-26857, CVE-2021-26858 and CVE-2021-27065, which affect MS Exchange Server versions 2013, 2016 and 2019.
Immediately after that, the US Department of Cyber Security and Infrastructure (CISA) assessed this attack was very serious because after hijacking the Exchange email system, hackers could penetrate deeply into the server system. inside to exploit, harm, even steal data.
In a press release on March 13, 2021, GTSC Technology Services and Trading Joint Stock Company (GTSC) said that, GTSC’s Network Security Surveillance Center (SOC) noted, before Microsoft disclosing information on the aforementioned vulnerability, unusual behavior has appeared on the Exchange Server system of many organizations and enterprises in Vietnam. GTSC’s team of cyber defense experts have focused on investigating and clarifying the flow of attacks, analyzing specific abnormal behaviors, and since then early judged that this was a deliberate attack (APT) but in a completely new way and technique, unlike any previously published attack in the world that relies on zero-day exploit. Thanks to the experience in dealing with a series of APT attacks by hacker groups, GTSC experts quickly supported many organizations and businesses to isolate, eliminate and decode the attack before Official information is published in the US.
Realizing the high level of danger, the risk of having a very serious impact on the IT system of many organizations and agencies in Vietnam, GTSC immediately announced the details of identification signs and attack techniques. for organizations and agencies that are using Exchange Server systems to self-check and at the same time update information for in-depth surveillance and defense systems.
“Up to now, after more than a week of being announced, GTSC SOC Center continues to recognize that hackers are still trying to exploit the above security holes to attack the IT systems of GTSC customers. Since then, we believe that many other units and organizations have been, are and will be within the sights of the attacking organizations but do not know. ” – GTSC representative said.
According to GTSC, zero-day vulnerabilities are often difficult to detect because traditional security solutions are not equipped with attack identifiers. However, the ultimate goal of the attacks is to gain control, so there will be unusual behaviors occurring on the system that, if monitored continuously by experienced experts, can. was discovered and isolated very early. How to escape the “magic eye” of the quality surveillance team is a very big challenge for the attacking groups.
To assist the community in this serious case, GTSC will provide free assessment of the Exchange Server system to determine whether or not it has been compromised, to what extent, to be infected with malicious code; Also provide instructions on how to fix it if the intrusion has taken place.
GTSC Vietnam Technology Services and Trading Joint Stock Company (GTSC) was established in 2008 with the orientation of becoming a technology enterprise, GTSC provides all-in-one products, services and solutions for information safety. news, IT and telecommunications.
GTSC has invested in building a network security operation center (SOC) providing monitoring, detecting and responding to security incidents and network attacks.
Email: [email protected]
Details of identification can be found at: