
Many APT attack teams have exploited a new vulnerability in Microsoft Exchange


According to the National Cyber Security Monitoring Center (NCSC), although no exploit code for four serious new vulnerabilities in the Microsoft Exchange email server is publicly available on the Internet, many APT groups may still be able to exploit them.

In two consecutive months, the National Cyber Security Monitoring Center has warned of new security vulnerabilities in Microsoft Exchange servers. (Artwork: Internet)

The National Cyber Security Monitoring Center (NCSC) of the Information Security Department, Ministry of Information and Communications, has just issued another warning to agencies, organizations and enterprises nationwide about 4 important new security vulnerabilities in Microsoft Exchange email servers.

The newly reported security vulnerabilities in Microsoft Exchange have all been assessed as critical, including: “CVE-2021-28480”, “CVE-2021-28481”, “CVE-2021-28482” and “CVE-2021-28483”.

All four security flaws mentioned above allow attackers to insert and execute malicious commands, install malicious code and take control of the system. Two of them, “CVE-2021-28480” and “CVE-2021-28481”, can be exploited successfully without authentication.

These vulnerabilities affect many versions of Microsoft Exchange: Microsoft Exchange Server 2013, Microsoft Exchange Server 2016 and Microsoft Exchange Server 2019. Microsoft currently has a patch that fixes the four new security vulnerabilities.

A representative of the National Cyber Security Monitoring Center said that although there is no exploit code publicly available on the Internet, it is possible that many APT attack groups have exploited this vulnerability.

Therefore, the National Cyber Security Monitoring Center recommends that administrators at agencies and organizations check their systems and apply the patch as soon as possible according to Microsoft’s instructions.

E-mail is an important system for an organization’s activities and contains a lot of sensitive data. That is why network attack groups often focus on exploiting the vulnerabilities of this system to steal information and data.

According to a preliminary assessment of the National Cyber Security Monitoring Center in early March 2021, there are many Vietnamese e-mail servers using Microsoft Exchange. Some of these systems include email servers of state agencies, banking, finance, enterprises and other large organizations.

From March last year up to now, the National Cyber Security Monitoring Center of the Information Security Department has sent warnings four times to agencies, organizations and enterprises about 15 security vulnerabilities in Microsoft Exchange email servers.

Specifically, according to a warning dated 2/3/2020, the security vulnerability “CVE-2020-0688” in email servers using Microsoft Exchange, which affects most versions of Microsoft Exchange (2010, 2013, 2016, 2019), allows attackers to insert and execute unauthorized code, thereby controlling email servers and stealing data on the system.

In a warning in mid-December 2020, the National Cyber Security Monitoring Center reported six security vulnerabilities in email servers using Microsoft Exchange, including: “CVE-2020-1711”, “CVE-2020-17132”, “CVE-2020-17141”, “CVE-2020-17142”, “CVE-2020-17143” and “CVE-2020-17144”. Considered to be of high to severe danger, the vulnerabilities affect most versions of Microsoft Exchange, allowing attackers to insert and execute unauthorized code and then take control of email servers and steal data on the system.

Most recently, on 3/3/2021, the Cyber Security Surveillance Center warned of 4 high-risk vulnerabilities including “CVE-2021-26855”, “CVE-2021-26857”, “CVE-2021-26858” and “CVE-2021-27065”. These vulnerabilities allow attackers to access the system server, insert and execute code remotely.

Van Anh
