BI.ZONE: Dozens of companies in Russia were hacked due to Microsoft’s mail vulnerability

MOSCOW, November 21 – RIA Novosti. Dozens of companies in Russia have been hacked through a Microsoft Exchange business mail server vulnerability since August 2022; From the digital risk management company BI.ZONE to RIA Novosti, it was learned that as a result of the events, hackers stole the internal correspondence of the institution and then demanded a ransom in order not to publish the stolen data.

“Since August 2022, dozens of Russian organizations have been hacked due to a vulnerability in the Microsoft Exchange business mail server. The victims were mostly representatives of small and medium-sized businesses,” the report states.

Experts have learned that hackers attack companies using a special utility that allows you to retrieve emails and a contact list of all users of the organization, and then upload all correspondence with files attached to letters.

Companies learned that they were hacked when employees received an email from [email protected]. The attackers wrote a dotted letter to a group of employees of the organization that was attacked. The letter mentioned payment for supposedly provided security audit services, but in reality it amounted to a ransom – the amount that had to be paid for the hacker not to publish the stolen information. Experts pointed out that in some letters, this amount reached 10 thousand dollars.

“Although this vulnerability and its elimination have been known since the fall of 2021, the victims of the hackers were companies that failed to upload the latest security updates to the Microsoft Exchange server in a timely manner,” said Teimur Kheirkhabarov, director of BI.ZONE Cyber. ​Threat Monitoring, Response and Research Department. Such attacks once again reminded the importance of closing the cybersecurity gaps of the company in a timely manner.