Australian individuals and business leaders have been urged by the government's lead cyber security agency to shore up their versions of Microsoft Exchange or risk being hacked.
In an online alert, the Australian Cyber Security Centre (ACSC) said several Australian organisations had been impacted by the recent attack on Microsoft email servers carried out by hackers from Hafnium, a state-sponsored group operating out of China.
But some organisations are still exposed, the cyber security agency warned.
"The ... ACSC has identified extensive targeting, and has confirmed compromises, of Australian organisations with vulnerable Microsoft Exchange deployments," it said in a statement.
"A large number of Australian organisations are yet to patch vulnerable versions of Microsoft Exchange, leaving them vulnerable to compromise. The ACSC urges these organisations to do so urgently."
If the vulnerabilities were exploited by hackers, an attacker would be able to write files, execute code and have a high degree of access to the Microsoft Windows operating system.
"Microsoft has observed instances where the attacker has uploaded web shells to maintain persistent access to compromise Exchange servers," the ACSC said.
In a Microsoft blog post that is being constantly updated, the tech giant said it was seeing instances of malicious actors beyond Hafnium that were taking advantage of unpatched, still-vulnerable versions of Microsoft Exchange.
What should I do?
If your organisation uses Microsoft Exchange, you should update it to the latest version.
Organisations will need to patch these vulnerabilities:
CVE-2021-26855 - server-side request forgery (SSRF) vulnerability in Exchange.
CVE-2021-26857 - insecure deserialization vulnerability in the Unified Messaging service.
CVE-2021-26858 - post-authentication arbitrary file write vulnerability in Exchange.
CVE-2021-27065 - post-authentication arbitrary file write vulnerability in Exchange.
Microsoft has also released security patches for 2013, 2016 and 2019 versions of Microsoft Exchange, with further details on the security updates here. You can find Microsoft's blog post on how to install the security updates here.
The ACSC urged Australians whose organisation has been affected by this attack to get in touch via 1300 CYBER1.
"Because we are aware of active exploits of related vulnerabilities in the wild (limited targeted attacks), our recommendation is to install these updates immediately to protect against these attacks," Microsoft said in a comprehensive blog post from 2 March.